CVE-2013-6735

Published: Dec 22, 2013Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.

Affected (26)

Products: Ibm: Websphere Portal

1 product

Websphere Portal

Configuration A

26 vulnerable

Vulnerable Software	Affected Versions
Ibm Websphere Portal	Version 6.0.0.0
Ibm Websphere Portal	Version 6.0.0.1
Ibm Websphere Portal	Version 6.0.1.0
Ibm Websphere Portal	Version 6.0.1.1
Ibm Websphere Portal	Version 6.0.1.2
Ibm Websphere Portal	Version 6.0.1.3
Ibm Websphere Portal	Version 6.0.1.4
Ibm Websphere Portal	Version 6.0.1.5
Ibm Websphere Portal	Version 6.0.1.6
Ibm Websphere Portal	Version 6.0.1.7
Ibm Websphere Portal	Version 6.1.0.0
Ibm Websphere Portal	Version 6.1.0.1
Ibm Websphere Portal	Version 6.1.0.2
Ibm Websphere Portal	Version 6.1.0.3
Ibm Websphere Portal	Version 6.1.0.4
Ibm Websphere Portal	Version 6.1.0.5
Ibm Websphere Portal	Version 6.1.0.6
Ibm Websphere Portal	Version 6.1.5.0
Ibm Websphere Portal	Version 6.1.5.1
Ibm Websphere Portal	Version 6.1.5.2
Ibm Websphere Portal	Version 6.1.5.3
Ibm Websphere Portal	Version 7.0.0.0
Ibm Websphere Portal	Version 7.0.0.1
Ibm Websphere Portal	Version 7.0.0.2
Ibm Websphere Portal	Version 8.0.0.0
Ibm Websphere Portal	Version 8.0.0.1

Related CWEs

References (20)

http://osvdb.org/101255

Source: psirt@us.ibm.com

http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html

Source: psirt@us.ibm.com

ExploitThird Party AdvisoryVDB Entry

http://secunia.com/advisories/56161

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777

Source: psirt@us.ibm.com

Not Applicable

http://www-01.ibm.com/support/docview.wss?uid=swg21660289

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www.securityfocus.com/archive/1/530552/100/0/threaded

Source: psirt@us.ibm.com

http://www.securityfocus.com/bid/64496

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029539

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/89591

Source: psirt@us.ibm.com

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

http://osvdb.org/101255

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://secunia.com/advisories/56161

Source: af854a3a-2127-422b-91ae-364da2661108

http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://www-01.ibm.com/support/docview.wss?uid=swg21660289

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/archive/1/530552/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/64496

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029539

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/89591

Source: af854a3a-2127-422b-91ae-364da2661108

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.