Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4834

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-4834
Last Modified 10 Apr 2013 11:31:16
Published 30 Nov 2012 02:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4834

Summary

Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI.

Vulnerable Systems

Application

  • Ibm Websphere Portal 7.0.0.1

  • Ibm Websphere Portal 7.0.0.2

  • Ibm Websphere Portal 8.0

  • Ibm Websphere Portal 8.0.0.0


References

XF - websphere-portal-layloader-dir-traversal(78914)

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg24033155

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg21617713

CONFIRM - http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_theme_component_for_websphere_portal_versions_7_0_0_x_and_8_0_cve2012_48344

AIXAPAR - PM76354

SECUNIA - 51281


Last Updated: 27 May 2016 10:49:52