CVE-2013-2951

7.8HIGH

Key Information:

Vendor: IBM
Status: Websphere Portal
Vendor: CVE Published:; 11 July 2018

Summary

IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace file when tracing is enabled for the Selfcare Portlet (Profile Management), which allows local users to obtain sensitive information by reading the file. IBM X-Force ID: 83621.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21642097

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/83621

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2018
Vulnerability Reserved
Apr 12, 2013