CVE-2013-6730 : IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.

IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results.

Published 2014-03-04 22:55:03

Updated 2017-08-29 01:34:00

Source IBM Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-6730

Probability of exploitation activity in the next 30 days: 0.22%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 59 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-6730

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2013-6730

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-6730

http://www-01.ibm.com/support/docview.wss?uid=swg1PI07185

IBM notice: The page you requested cannot be displayed
https://exchange.xforce.ibmcloud.com/vulnerabilities/89363

IBM Websphere Portal directory traversal CVE-2013-6730 Vulnerability Report
http://www-01.ibm.com/support/docview.wss?uid=swg21665915

IBM Security Bulletin: Fix available for Improper Access Control Checks on Search Results if WCM Path Traversal is enabled in IBM WebSphere Portal (CVE-2013-6730)
Vendor Advisory

Products affected by CVE-2013-6730

IBM » Websphere Portal » Version: 6.1.0.0
cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.0
cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.5.0
cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 8.0.0.0
cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.0.1
cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.0.2
cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.0.3
cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.1
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 8.0.0.1
cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.5.1
cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.0.4
cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.5.2
cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.5.3
cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.0.5
cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.0.6
cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-6730

Exploit prediction scoring system (EPSS) score for CVE-2013-6730

CVSS scores for CVE-2013-6730

CWE ids for CVE-2013-6730

References for CVE-2013-6730

Products affected by CVE-2013-6730