CVE-2013-5454: Infoleak
First published: Sat Nov 16 2013(Updated: )
IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Portal | =6.0.0.0 | |
| IBM WebSphere Portal | =6.0.0.1 | |
| IBM WebSphere Portal | =6.0.1.0 | |
| IBM WebSphere Portal | =6.0.1.1 | |
| IBM WebSphere Portal | =6.0.1.2 | |
| IBM WebSphere Portal | =6.0.1.3 | |
| IBM WebSphere Portal | =6.0.1.4 | |
| IBM WebSphere Portal | =6.0.1.5 | |
| IBM WebSphere Portal | =6.0.1.6 | |
| IBM WebSphere Portal | =6.1 | |
| IBM WebSphere Portal | =6.1.0.0 | |
| IBM WebSphere Portal | =6.1.0.1 | |
| IBM WebSphere Portal | =6.1.0.2 | |
| IBM WebSphere Portal | =6.1.0.3 | |
| IBM WebSphere Portal | =6.1.0.4 | |
| IBM WebSphere Portal | =6.1.0.5 | |
| IBM WebSphere Portal | =6.1.5.0 | |
| IBM WebSphere Portal | =6.1.5.1 | |
| IBM WebSphere Portal | =6.1.5.2 | |
| IBM WebSphere Portal | =6.1.5.3 | |
| IBM WebSphere Portal | =7.0.0.0 | |
| IBM WebSphere Portal | =7.0.0.1 | |
| IBM WebSphere Portal | =7.0.0.2 | |
| IBM WebSphere Portal | =8.0 | |
| IBM WebSphere Portal | =8.0.0.0 | |
| IBM WebSphere Portal | =8.0.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-5454?
CVE-2013-5454 is considered to have a medium severity level due to its potential for exposing sensitive information.
How do I fix CVE-2013-5454?
To fix CVE-2013-5454, apply the latest patches provided by IBM for the affected versions of WebSphere Portal.
What versions of IBM WebSphere Portal are affected by CVE-2013-5454?
CVE-2013-5454 affects IBM WebSphere Portal versions 6.0 through 8.0, specifically several specified fix packs.
What kind of attacks can CVE-2013-5454 facilitate?
CVE-2013-5454 allows remote attackers to read arbitrary files from the server, which can lead to sensitive data exposure.
Is there a workaround for CVE-2013-5454 if I cannot immediately patch?
A possible workaround for CVE-2013-5454 is to restrict access to the affected components until a patch can be applied.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm websphere portal
- version/ibm websphere portal/6.0.0.0
- version/ibm websphere portal/6.0.0.1
- version/ibm websphere portal/6.0.1.0
- version/ibm websphere portal/6.0.1.1
- version/ibm websphere portal/6.0.1.2
- version/ibm websphere portal/6.0.1.3
- version/ibm websphere portal/6.0.1.4
- version/ibm websphere portal/6.0.1.5
- version/ibm websphere portal/6.0.1.6
- version/ibm websphere portal/6.1
- version/ibm websphere portal/6.1.0.0
- version/ibm websphere portal/6.1.0.1
- version/ibm websphere portal/6.1.0.2
- version/ibm websphere portal/6.1.0.3
- version/ibm websphere portal/6.1.0.4
- version/ibm websphere portal/6.1.0.5
- version/ibm websphere portal/6.1.5.0
- version/ibm websphere portal/6.1.5.1
- version/ibm websphere portal/6.1.5.2
- version/ibm websphere portal/6.1.5.3
- version/ibm websphere portal/7.0.0.0
- version/ibm websphere portal/7.0.0.1
- version/ibm websphere portal/7.0.0.2
- version/ibm websphere portal/8.0
- version/ibm websphere portal/8.0.0.0
- version/ibm websphere portal/8.0.0.1