CVE-2013-2951

Published: Jul 11, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621.

Affected (5)

Products: Ibm: Websphere Portal

Ibm

1 product

Websphere Portal

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ibm Websphere Portal	Version 7.0.0.0
Ibm Websphere Portal	Version 7.0.0.1
Ibm Websphere Portal	Version 7.0.0.2
Ibm Websphere Portal	Version 8.0.0.0
Ibm Websphere Portal	Version 8.0.0.1

Related CWEs

CWE-255

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21642097

Source: psirt@us.ibm.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/83621

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

http://www-01.ibm.com/support/docview.wss?uid=swg21642097

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/83621

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.