CVE-2014-6193
First published: Fri Dec 19 2014(Updated: )
IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Portal | =8.0.0.0 | |
| IBM WebSphere Portal | =8.0.0.1 | |
| IBM WebSphere Portal | =8.5.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-6193?
CVE-2014-6193 has a medium severity rating due to the potential for remote authenticated users to perform unauthorized actions.
How do I fix CVE-2014-6193?
To fix CVE-2014-6193, you should apply the latest patches or updates provided by IBM for WebSphere Portal.
Who is affected by CVE-2014-6193?
CVE-2014-6193 affects IBM WebSphere Portal versions 8.0.0 to 8.5.0 before CF04 with the Managed Pages setting enabled.
What type of attack does CVE-2014-6193 involve?
CVE-2014-6193 involves an XML injection attack that allows manipulation of pages by remote authenticated users.
What are the consequences of CVE-2014-6193?
The consequences of CVE-2014-6193 can include unauthorized modification of portal content by users who should not have that capability.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/remedy
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm websphere portal
- version/ibm websphere portal/8.0.0.0
- version/ibm websphere portal/8.0.0.1
- version/ibm websphere portal/8.5.0.0