CVE-2013-4012

Published: Dec 22, 2013Modified: Apr 29, 2026

4.9

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:P

Exploitability: 6.8 / Impact: 4.9

Source: NVD

Description

IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

Affected (2)

Products: Ibm: Websphere Portal

1 product

Websphere Portal

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ibm Websphere Portal	Version 8.0.0.0
Ibm Websphere Portal	Version 8.0.0.1

Running on/with	Platform Versions
Ibm Content Template Catalog	Version 4.0

Related CWEs

References (6)

http://www-01.ibm.com/support/docview.wss?uid=swg1PM93172

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21660011

Source: psirt@us.ibm.com

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/85618

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg1PM93172

Source: af854a3a-2127-422b-91ae-364da2661108

http://www-01.ibm.com/support/docview.wss?uid=swg21660011

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/85618

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.