CVE-2013-4012

IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:P

Exploitability : 6.8 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1PM93172
http://www-01.ibm.com/support/docview.wss?uid=swg21660011	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/85618

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:websphere_portal:8.0.0.0:::::::*
	cpe:2.3:a:ibm:websphere_portal:8.0.0.1:::::::*

cpe:2.3:a:ibm:content_template_catalog:4.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-12-22 15:16

Updated : 2024-02-28 12:00

NVD link : CVE-2013-4012

Mitre link : CVE-2013-4012

CVE.ORG link : CVE-2013-4012

JSON object : View

Products Affected

ibm

websphere_portal
content_template_catalog

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-4012", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-12-22T15:16:04.317", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM93172", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660011", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85618", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors."}, {"lang": "es", "value": "IBM Websphere Portal 8.0.0.x anteriores a 8.0.0.1 CF09, cuando se utiliza Content Template Catalog 4.0, no requiere privilegios administrativos para la instalaci\u00f3n de archivos Portal Application Archive (PAA), lo cual permite a usuarios remotos autenticados modificar datos o causar una denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados."}], "lastModified": "2017-08-29T01:33:32.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14"}, {"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:content_template_catalog:4.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4D429DC-45E5-4406-AECA-96E665AF9D84"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}