CVE-2013-6735

Vulnerability Description

IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://osvdb.org/101255
• http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-InjectExploitThird Party AdvisoryVDB Entry
• http://secunia.com/advisories/56161
• http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777Not Applicable
• http://www-01.ibm.com/support/docview.wss?uid=swg21660289PatchVendor Advisory
• http://www.securityfocus.com/archive/1/530552/100/0/threaded
• http://www.securityfocus.com/bid/64496Third Party AdvisoryVDB Entry
• http://www.securitytracker.com/id/1029539Third Party AdvisoryVDB Entry
• https://exchange.xforce.ibmcloud.com/vulnerabilities/89591
• https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_avaiThird Party AdvisoryVDB Entry
• http://osvdb.org/101255
• http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-InjectExploitThird Party AdvisoryVDB Entry
• http://secunia.com/advisories/56161
• http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777Not Applicable
• http://www-01.ibm.com/support/docview.wss?uid=swg21660289PatchVendor Advisory