IBM Support

Fix Available: WebSphere Portal Security risk, a modified message could be used to retrieve information from the system (PM25698)

Flash (Alert)


Abstract

This issue is reported in the WebSphere Portal APAR PM25698 and could affect IBM WebSphere Portal, Lotus Web Content Management and IBM Lotus Quickr for WebSphere Portal.

Content

To gauge the impact this issue might have on your environment, refer to the following standardized scores:


CVSS Base Score: 4.3
    Impact Subscore: 2.9
    Exploitability Subscore: 8.6
CVSS Temporal Score: 3.4
CVSS Environmental Score: 4.5
    Modified Impact Subscore: 2.9
Overall CVSS Score: 4.5

Fixes are available for the following releases (V6.0.1.0 and earlier are not affected):
6.0.1.1 - recommended to upgrade to 6.0.1.7 and apply CF07 (PM22167) or higher, but interim fix available for 6.0.1.1
6.0.1.3 - recommended to upgrade to 6.0.1.7 and apply CF07 (PM22167) or higher, but interim fix available for 6.0.1.3
6.0.1.4 - recommended to upgrade to 6.0.1.7 and apply CF07 (PM22167) or higher, but interim fix available for 6.0.1.4
6.0.1.5 - recommended to upgrade to 6.0.1.7 and apply CF07 (PM22167) or higher, but interim fix available for 6.0.1.5
6.0.1.6 - recommended to upgrade to 6.0.1.7 and apply CF07 (PM22167) or higher, but interim fix available for 6.0.1.6, also integrated into CF07 and higher for 6.0.1.6 (PM22159)
6.0.1.7 - recommended to apply CF07 (PM22167) or higher, but interim fix also available for 6.0.1.7

6.1.0.0 - recommended to upgrade to 6.1.0.5 (or higher, when available) and apply CF10 (PM26397) or higher, but interim fix available for 6.1.0.0
6.1.0.1 - recommended to upgrade to 6.1.0.5 (or higher, when available) and apply CF10 (PM26397) or higher, but interim fix available for 6.1.0.1
6.1.0.2 - recommended to upgrade to 6.1.0.5 (or higher, when available) and apply CF10 (PM26397) or higher, but interim fix available for 6.1.0.2
6.1.0.3 / 6.1.5.0 - recommended to upgrade to 6.1.0.5/6.1.5.2 (or higher, when available) and apply CF10 (PM26397) or higher, but interim fix available for 6.1.0.3/6.1.5.0
6.1.0.4 / 6.1.5.1 - recommended to upgrade to 6.1.0.5/6.1.5.2 (or higher, when available) and apply CF10 (PM26397) or higher, but interim fix available for 6.1.0.4/6.1.5.1
6.1.0.5 / 6.1.5.2 - recommended to apply CF10 (PM26397) or higher, but interim fix available for 6.1.0.5/6.1.5.2

7.0.0.0 - recommended to apply Combined CF001 (PM25191) or higher, no individual interim fix available

Related information

Link to fixes on Fix Central
Recommended Updates

Cross reference information

Segment: Enterprise Content Management
Product: IBM Web Content Manager
Component: Portal Integration
Platform: AIX, HP-UX, i5/OS, IBM i, Linux, Solaris, Windows, z/OS
Version: 7.0.0.0, 6.1.5.2, 6.1.5.1, 6.1.5.0, 6.1.0.5, 6.1.0.4, 6.1.0.3, 6.1.0.2, 6.1.0.1, 6.1.0.0
Edition: Java edition

Segment: Organizational Productivity - Portals & Collaboration
Product: Lotus Quickr for WebSphere Portal
Component: Security
Platform: AIX, Linux, Windows
Version: 8.5, 8.1.1.1, 8.1.1, 8.1
Edition: All Editions

Segment: Enterprise Content Management
Product: Workplace Web Content Management
Component: Portal Integration
Platform: AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS
Version: 6.0.1.7, 6.0.1.6, 6.0.1.5, 6.0.1.4, 6.0.1.3, 6.0.1.2, 6.0.1.1
Edition: Java edition

Document information

More support for: WebSphere Portal
Security

Software version: 6.0.1.1, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.0.1.7, 6.1.0.0, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.0.5, 6.1.5.0, 6.1.5.1, 6.1.5.2, 7.0.0.0

Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS

Software edition: Enable, Express, Extend, Hypervisor Edition, Server

Reference #: 1460422

Modified date: 2014-11-12