CVE-2013-4012

{"id": "CVE-2013-4012", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-12-22T15:16:04.317", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM93172", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85618", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM93172", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85618", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors."}, {"lang": "es", "value": "IBM Websphere Portal 8.0.0.x anteriores a 8.0.0.1 CF09, cuando se utiliza Content Template Catalog 4.0, no requiere privilegios administrativos para la instalaci\u00f3n de archivos Portal Application Archive (PAA), lo cual permite a usuarios remotos autenticados modificar datos o causar una denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-11-21T01:54:42.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14"}, {"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:content_template_catalog:4.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4D429DC-45E5-4406-AECA-96E665AF9D84"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}