Vulnerability Details : CVE-2011-0679
IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a "modified message."
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2011-0679
Probability of exploitation activity in the next 30 days: 0.54%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 74 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-0679
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-0679
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0679
-
http://www-01.ibm.com/support/docview.wss?uid=swg1PM25191
IBM PM25191: IBM WebSphere Portal and Lotus Web Content Management V7.0.0.0 Combined Cumulative Fix 001
-
http://www-01.ibm.com/support/docview.wss?uid=swg1PM25698
IBM notice: The page you requested cannot be displayed
-
http://www-01.ibm.com/support/docview.wss?uid=swg1PM26397
IBM PM26397: CUMULATIVE FIX 10 FOR PORTAL 6105 / 6152
-
http://www-01.ibm.com/support/docview.wss?uid=swg1PM24319
IBM PM24319: CUMULATIVE FIX 10 FOR PORTAL 6103 / 6150
-
http://www-01.ibm.com/support/docview.wss?uid=swg1PM22167
IBM PM22167: CUMULATIVE FIX 07 FOR PORTAL 6017
-
http://www-01.ibm.com/support/docview.wss?uid=swg1PM22159
IBM PM22159: CUMULATIVE FIX 07 FOR PORTAL 6016
-
http://www-01.ibm.com/support/docview.wss?uid=swg1PM24320
IBM PM24320: CUMULATIVE FIX 10 FOR PORTAL 6104 / 6151
-
http://www.ibm.com/support/docview.wss?uid=swg21460422
IBM notice: The page you requested cannot be displayed
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/64890
IBM WebSphere Portal and Lotus Web Content Management unspecified information disclosure CVE-2011-0679 Vulnerability Report
-
http://www.vupen.com/english/advisories/2011/0223
Webmail | OVH- OVH
-
http://www.kb.cert.org/vuls/id/375127
VU#375127 - IBM WebSphere Portal Server input validation vulnerabilityUS Government Resource
-
http://www.securityfocus.com/bid/45989
IBM WebSphere Portal and Workplace Web Content Management Information Disclosure Vulnerability
Products affected by CVE-2011-0679
- cpe:2.3:a:ibm:websphere_portal:6.0.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.0.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.0.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.0.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.0.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*