CVE-2013-3016

Published: Aug 21, 2013Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to access the user directory via a crafted request for a servlet, related to the serveServletsByClassnameEnabled setting.

Affected (10)

Products: Ibm: Websphere Portal

Ibm

1 product

Websphere Portal

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Ibm Websphere Portal	Version 6.1.0.0
Ibm Websphere Portal	Version 7.0.0.0
Ibm Websphere Portal	Version 7.0.0.0 cf001
Ibm Websphere Portal	Version 8.0.0.0
Ibm Websphere Portal	Version 8.0.0.0 cf01
Ibm Websphere Portal	Version 8.0.0.0 cf02
Ibm Websphere Portal	Version 8.0.0.0 cf03
Ibm Websphere Portal	Version 8.0.0.0 cf04
Ibm Websphere Portal	Version 8.0.0.0 cf05
Ibm Websphere Portal	Version 8.0

Related CWEs

CWE-264

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21647344

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/84350

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21647344

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/84350

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.