CVE-2013-3016

Published Aug 21, 2013

Last updated 7 years ago

CVSS info 5.0

Overview

Description: IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5C645C1-21E3-48A8-A1A5-9519CB845493"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CE1E2EF-A079-4A67-AA50-0712D2E330F4"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References