PT-2014-3945 · Ibm · Ibm Websphere Portal+1

Published

2014-05-16

Updated

2017-08-29

CVE-2014-0918

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM WebSphere Portal versions 6.1.0 through 6.1.0.6 CF27 IBM WebSphere Portal versions 6.1.5 through 6.1.5.3 CF27 IBM WebSphere Portal versions 7.0 through 7.0.0.2 CF27 IBM WebSphere Portal version 8.0 before 8.0.0.1 CF06

Description The issue allows remote attackers to read arbitrary files via a crafted URL, due to a directory traversal vulnerability in the IBM Eclipse Help System (IEHS) component.

Recommendations For IBM WebSphere Portal versions 6.1.0 through 6.1.0.6 CF27, update to a version after 6.1.0.6 CF27. For IBM WebSphere Portal versions 6.1.5 through 6.1.5.3 CF27, update to a version after 6.1.5.3 CF27. For IBM WebSphere Portal versions 7.0 through 7.0.0.2 CF27, update to a version after 7.0.0.2 CF27. For IBM WebSphere Portal version 8.0 before 8.0.0.1 CF06, update to 8.0.0.1 CF06 or later.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2014-0918

Affected Products

Ibm Eclipse Help System

Ibm Websphere Portal

PT-2014-3945 · Ibm · Ibm Websphere Portal+1

CVE-2014-0918

Weakness Enumeration

Related Identifiers

Affected Products

References · 6