CVE-2014-6193

IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:P

Exploitability : 6.8 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1PI28699
http://www-01.ibm.com/support/docview.wss?uid=swg21692107	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/98567

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:websphere_portal:8.0.0.0:::::::*
	cpe:2.3:a:ibm:websphere_portal:8.0.0.1:::::::*
	cpe:2.3:a:ibm:websphere_portal:8.5.0.0:::::::*

History

No history.

Information

Published : 2014-12-19 02:59

Updated : 2017-09-08 01:29

NVD link : CVE-2014-6193

Mitre link : CVE-2014-6193

CVE.ORG link : CVE-2014-6193

JSON object : View

Products Affected

ibm

websphere_portal

CWE

NVD-CWE-Other

{"id": "CVE-2014-6193", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-12-19T02:59:03.873", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI28699", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692107", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98567", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack."}, {"lang": "es", "value": "IBM WebSphere Portal 8.0.0 hasta 8.0.0.1 CF14 y 8.5.0 anteriores a CF04, cuando est\u00e1 habilitada la configuraci\u00f3n P\u00e1ginas Gestionadas, permite a usuarios remotos autenticados escribir en las p\u00e1ginas a trav\u00e9s de un ataque de inyecci\u00f3n XML."}], "lastModified": "2017-09-08T01:29:12.153", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14"}, {"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B"}, {"criteria": "cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D03AF20E-0C29-45A6-9B7F-8260D8D9E8BF"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/91.html\">CWE-91: XML Injection (aka Blind XPath Injection)</a>", "sourceIdentifier": "psirt@us.ibm.com"}