| Vulnerability Name: | CVE-2013-4012 (CCN-85618) | ||||||||
| Assigned: | 2013-12-20 | ||||||||
| Published: | 2013-12-20 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | ||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 4.9 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:P) 3.6 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:P/E:U/RL:OF/RC:C)
2.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: MITRE Type: CNA CVE-2013-4012 Source: AIXAPAR Type: UNKNOWN PM93172 Source: CCN Type: IBM Security Bulletin 1660011 Fixes available for Security Vulnerabilities in IBM WebSphere Portal Source: CONFIRM Type: Patch, Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21660011 Source: CCN Type: OSVDB ID: 101272 IBM WebSphere Portal Content Template Catalog Unprivileged PAA Installation/Execution Source: CCN Type: BID-64498 IBM WebSphere Portal Content Template Catalog Remote Code Execution Vulnerability Source: XF Type: UNKNOWN was-portal-cve20134012-code-exec(85618) Source: XF Type: UNKNOWN ibm-wsportal-cve20134012-paa(85618) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||