cve-2013-6735
Vulnerability from cvelistv5
Published
2013-12-22 15:00
Modified
2024-08-06 17:46
Severity ?
Summary
IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.
References
psirt@us.ibm.comhttp://osvdb.org/101255
psirt@us.ibm.comhttp://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.htmlExploit, Third Party Advisory, VDB Entry
psirt@us.ibm.comhttp://secunia.com/advisories/56161
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1PI07777Not Applicable
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21660289Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/archive/1/530552/100/0/threaded
psirt@us.ibm.comhttp://www.securityfocus.com/bid/64496Third Party Advisory, VDB Entry
psirt@us.ibm.comhttp://www.securitytracker.com/id/1029539Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/89591
psirt@us.ibm.comhttps://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/101255
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/56161
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777Not Applicable
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21660289Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/530552/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/64496Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029539Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/89591
af854a3a-2127-422b-91ae-364da2661108https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:46:22.701Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "56161",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56161"
          },
          {
            "name": "20131227 SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/530552/100/0/threaded"
          },
          {
            "name": "64496",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/64496"
          },
          {
            "name": "ibm-wsportal-cve20136735-jcr(89591)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89591"
          },
          {
            "name": "101255",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/101255"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660289"
          },
          {
            "name": "PI07777",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735"
          },
          {
            "name": "1029539",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029539"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "56161",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56161"
        },
        {
          "name": "20131227 SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/530552/100/0/threaded"
        },
        {
          "name": "64496",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/64496"
        },
        {
          "name": "ibm-wsportal-cve20136735-jcr(89591)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89591"
        },
        {
          "name": "101255",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/101255"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660289"
        },
        {
          "name": "PI07777",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735"
        },
        {
          "name": "1029539",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029539"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2013-6735",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "56161",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56161"
            },
            {
              "name": "20131227 SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/530552/100/0/threaded"
            },
            {
              "name": "64496",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/64496"
            },
            {
              "name": "ibm-wsportal-cve20136735-jcr(89591)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89591"
            },
            {
              "name": "101255",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/101255"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660289",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660289"
            },
            {
              "name": "PI07777",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777"
            },
            {
              "name": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735",
              "refsource": "CONFIRM",
              "url": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735"
            },
            {
              "name": "1029539",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029539"
            },
            {
              "name": "http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2013-6735",
    "datePublished": "2013-12-22T15:00:00",
    "dateReserved": "2013-11-08T00:00:00",
    "dateUpdated": "2024-08-06T17:46:22.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C753E1B-D81B-4995-877E-58EDD6F49DDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D54D4DB-FA55-47AE-9E19-FB8368FD40C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"092F8012-A1EE-46CE-B2B2-0604BF4ACBBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.0.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FC6A48A-E669-4AA0-AD83-85778A7B6C67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.0.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F8C5AD9-2086-4131-A03C-02A89D822080\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.0.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82FC2F98-1E99-4B50-88D5-7A2904F4585C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.0.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B7F74AC-2B5E-4B6C-9551-576A4F312BBB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.0.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC51FA38-1C63-47F5-A4CF-1128396B62C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.0.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBCCA8DE-50EF-4154-AF48-A8E1AA2659B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.0.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF550E47-49FB-4EBC-83E7-4CFCB7279FEC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E618064A-3D05-4DC6-9A47-0EDF2427642F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DE74154-3E79-4D56-96C4-D8E644F1419D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA915826-5D89-43E9-83E7-88973648302A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5DB29F4-59AB-439C-91C4-CDF677676C26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D6CA922-11EF-4315-A09A-B4A8937E4CF4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"526738D7-1AF8-4A8F-B833-BA0E35973A3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13D6BE9C-16FD-4FB4-8A87-56B42C246316\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F1964FC-672F-4139-938F-A8EF9D86D9C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5B50CEA-AFC4-4B45-9954-519965237FC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0902AC0F-EA4D-4E65-A70A-15DE9B904B35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D808F95D-C6BD-43EB-B16C-66449977BCFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D303B0B9-CDAB-409B-AE44-512D4791C36F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6ECEE98-B276-4ED6-AA5A-109EA57E9925\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E4FF84B-A17F-464B-A718-67C44D2C69BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C90EF7A4-8181-42C3-BB95-395D0DD94C14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F40E0F5-B964-4BDC-828E-7571619F7C5B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.\"}, {\"lang\": \"es\", \"value\": \"IBM Websphere Portal 6.0.0.x hasta 6.0.0.1, 6.0.1.x hasta 6.0.1.7, 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x hasta 7.0.0.2 CF26, y 8.0.0.x hasta 8.0.0.1 CF08 permite a atacantes remotos obtener informaci\\u00f3n Java Content Repository (JCR) sensile a trav\\u00e9s de una URL Web Content Manager (WCM) modificada.\"}]",
      "id": "CVE-2013-6735",
      "lastModified": "2024-11-21T01:59:38.370",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2013-12-22T15:16:04.443",
      "references": "[{\"url\": \"http://osvdb.org/101255\", \"source\": \"psirt@us.ibm.com\"}, {\"url\": \"http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://secunia.com/advisories/56161\", \"source\": \"psirt@us.ibm.com\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21660289\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/530552/100/0/threaded\", \"source\": \"psirt@us.ibm.com\"}, {\"url\": \"http://www.securityfocus.com/bid/64496\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1029539\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/89591\", \"source\": \"psirt@us.ibm.com\"}, {\"url\": \"https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://osvdb.org/101255\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://secunia.com/advisories/56161\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21660289\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/530552/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/64496\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1029539\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/89591\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-6735\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2013-12-22T15:16:04.443\",\"lastModified\":\"2024-11-21T01:59:38.370\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.\"},{\"lang\":\"es\",\"value\":\"IBM Websphere Portal 6.0.0.x hasta 6.0.0.1, 6.0.1.x hasta 6.0.1.7, 6.1.0.x hasta 6.1.0.6 CF27, 6.1.5.x hasta 6.1.5.3 CF27, 7.0.0.x hasta 7.0.0.2 CF26, y 8.0.0.x hasta 8.0.0.1 CF08 permite a atacantes remotos obtener informaci\u00f3n Java Content Repository (JCR) sensile a trav\u00e9s de una URL Web Content Manager (WCM) modificada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C753E1B-D81B-4995-877E-58EDD6F49DDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D54D4DB-FA55-47AE-9E19-FB8368FD40C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"092F8012-A1EE-46CE-B2B2-0604BF4ACBBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.0.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FC6A48A-E669-4AA0-AD83-85778A7B6C67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.0.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F8C5AD9-2086-4131-A03C-02A89D822080\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.0.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82FC2F98-1E99-4B50-88D5-7A2904F4585C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.0.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B7F74AC-2B5E-4B6C-9551-576A4F312BBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.0.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC51FA38-1C63-47F5-A4CF-1128396B62C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.0.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBCCA8DE-50EF-4154-AF48-A8E1AA2659B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.0.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF550E47-49FB-4EBC-83E7-4CFCB7279FEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E618064A-3D05-4DC6-9A47-0EDF2427642F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DE74154-3E79-4D56-96C4-D8E644F1419D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA915826-5D89-43E9-83E7-88973648302A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5DB29F4-59AB-439C-91C4-CDF677676C26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D6CA922-11EF-4315-A09A-B4A8937E4CF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"526738D7-1AF8-4A8F-B833-BA0E35973A3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13D6BE9C-16FD-4FB4-8A87-56B42C246316\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F1964FC-672F-4139-938F-A8EF9D86D9C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5B50CEA-AFC4-4B45-9954-519965237FC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0902AC0F-EA4D-4E65-A70A-15DE9B904B35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D808F95D-C6BD-43EB-B16C-66449977BCFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D303B0B9-CDAB-409B-AE44-512D4791C36F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6ECEE98-B276-4ED6-AA5A-109EA57E9925\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E4FF84B-A17F-464B-A718-67C44D2C69BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C90EF7A4-8181-42C3-BB95-395D0DD94C14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F40E0F5-B964-4BDC-828E-7571619F7C5B\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/101255\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://secunia.com/advisories/56161\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21660289\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/530552/100/0/threaded\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www.securityfocus.com/bid/64496\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029539\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/89591\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://osvdb.org/101255\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://secunia.com/advisories/56161\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21660289\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/530552/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/64496\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029539\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/89591\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.