CVE-2014-6193 - IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages settin

CVE-2014-6193

Summary

IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, when the Managed Pages setting is enabled, allows remote authenticated users to write to pages via an XML injection attack. <a href="http://cwe.mitre.org/data/definitions/91.html">CWE-91: XML Injection (aka Blind XPath Injection)</a>

References

Vulnerable Configurations

cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 08-09-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:S/C:N/I:P/A:P

refmap via4

aixapar	PI28699
confirm	http://www-01.ibm.com/support/docview.wss?uid=swg21692107
xf	ibm-wsportal-cve20146193-xml-injection(98567)

Last major update

08-09-2017 - 01:29

Published

19-12-2014 - 02:59

Last modified

08-09-2017 - 01:29