CVE-2013-6735

IBM Web Content Manager XPath Injection

Severity Score: 5.0 (CVSS v2)
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits: 1 (Multiple Sources)
Exploited in Wild (KEV): -
Decision (SSVC): -

Descriptions

IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.

IBM Web Content Manager versions 6.x, 7.x, and 8.x suffer from blind XPath injection attacks. This allows an attacker to get current application configuration, enumerate nodes, and extract other valuable information from vulnerable installations of Web Content Manager.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2013-11-08 CVE Reserved
  • 2013-12-22 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2024-09-08 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
IBM | WebSphere Portal | 6.0.0.0 | - | Affected
IBM | WebSphere Portal | 6.0.0.1 | - | Affected
IBM | WebSphere Portal | 6.0.1.0 | - | Affected
IBM | WebSphere Portal | 6.0.1.1 | - | Affected
IBM | WebSphere Portal | 6.0.1.2 | - | Affected
IBM | WebSphere Portal | 6.0.1.3 | - | Affected
IBM | WebSphere Portal | 6.0.1.4 | - | Affected
IBM | WebSphere Portal | 6.0.1.5 | - | Affected
IBM | WebSphere Portal | 6.0.1.6 | - | Affected
IBM | WebSphere Portal | 6.0.1.7 | - | Affected
IBM | WebSphere Portal | 6.1.0.0 | - | Affected
IBM | WebSphere Portal | 6.1.0.1 | - | Affected
IBM | WebSphere Portal | 6.1.0.2 | - | Affected
IBM | WebSphere Portal | 6.1.0.3 | - | Affected
IBM | WebSphere Portal | 6.1.0.4 | - | Affected
IBM | WebSphere Portal | 6.1.0.5 | - | Affected
IBM | WebSphere Portal | 6.1.0.6 | - | Affected
IBM | WebSphere Portal | 6.1.5.0 | - | Affected
IBM | WebSphere Portal | 6.1.5.1 | - | Affected
IBM | WebSphere Portal | 6.1.5.2 | - | Affected
IBM | WebSphere Portal | 6.1.5.3 | - | Affected
IBM | WebSphere Portal | 7.0.0.0 | - | Affected
IBM | WebSphere Portal | 7.0.0.1 | - | Affected
IBM | WebSphere Portal | 7.0.0.2 | - | Affected
IBM | WebSphere Portal | 8.0.0.0 | - | Affected
IBM | WebSphere Portal | 8.0.0.1 | - | Affected