Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Information Disclosure Vulnerability in IBM WebSphere Portal

 

Systems Affected


WebSphere Portal version 8.5.0
WebSphere Portal versions 8.0.0 to 8.0.0.1
WebSphere Portal versions 7.0.0 to 7.0.2
WebSphere Portal versions 6.1.5.0 to 6.1.5.3
WebSphere Portal versions 6.1.0.0 to 6.1.0.6

Threat Level


Medium


Overview


Information disclosure vulnerability has been reported in IBM WebSphere Portal which could be exploited by a remote attacker to access sensitive information on the target system.


Description


This vulnerability exists due to improper Access Control in Portal Access Control REST API.

A remote attacker could exploit this vulnerability via specially crafted REST API request to bypass intended security restrictions and gain access to sensitive information such as the access control configuration the requested resource.


Impact



Solution/ Workarounds


Apply appropriate patches as mentioned in IBM Security Bulletin

http://www-304.ibm.com/support/docview.wss?uid=swg21973152


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.