Fix Available: WebSphere Portal Security risk, a modified message could be used to retrieve information from the system (PM25698)

Flash (Alert)


Abstract

This issue is reported in the WebSphere Portal APAR PM25698 and could affect IBM WebSphere Portal, Lotus Web Content Management and IBM Lotus Quickr for WebSphere Portal.

Content

To gauge the impact this issue might have on your environment, refer to the following standardized scores:


CVSS Base Score
  4.3
    Impact Subscore
      2.9
    Exploitability Subscore
      8.6
CVSS Temporal Score
  3.4
CVSS Environmental Score
  4.5
    Modified Impact Subscore
      2.9
Overall CVSS Score
  4.5

Fixes are available for the following releases (V6.0.1.0 and earlier are not affected):
6.0.1.1 - recommended to upgrade to 6.0.1.7 and apply CF07 (PM22167) or higher, but interim fix available for 6.0.1.1
6.0.1.3 - recommended to upgrade to 6.0.1.7 and apply CF07 (PM22167) or higher, but interim fix available for 6.0.1.3
6.0.1.4 - recommended to upgrade to 6.0.1.7 and apply CF07 (PM22167) or higher, but interim fix available for 6.0.1.4
6.0.1.5 - recommended to upgrade to 6.0.1.7 and apply CF07 (PM22167) or higher, but interim fix available for 6.0.1.5
6.0.1.6 - recommended to upgrade to 6.0.1.7 and apply CF07 (PM22167) or higher, but interim fix available for 6.0.1.6, also integrated into CF07 and higher for 6.0.1.6 (PM22159)
6.0.1.7 - recommended to apply CF07 (PM22167) or higher, but interim fix also available for 6.0.1.7

6.1.0.0 - recommended to upgrade to 6.1.0.5 (or higher, when available) and apply CF10 (PM26397) or higher, but interim fix available for 6.1.0.0
6.1.0.1 - recommended to upgrade to 6.1.0.5 (or higher, when available) and apply CF10 (PM26397) or higher, but interim fix available for 6.1.0.1
6.1.0.2 - recommended to upgrade to 6.1.0.5 (or higher, when available) and apply CF10 (PM26397) or higher, but interim fix available for 6.1.0.2
6.1.0.3 / 6.1.5.0 - recommended to upgrade to 6.1.0.5/6.1.5.2 (or higher, when available) and apply CF10 (PM26397) or higher, but interim fix available for 6.1.0.3/6.1.5.0
6.1.0.4 / 6.1.5.1 - recommended to upgrade to 6.1.0.5/6.1.5.2 (or higher, when available) and apply CF10 (PM26397) or higher, but interim fix available for 6.1.0.4/6.1.5.1
6.1.0.5 / 6.1.5.2 - recommended to apply CF10 (PM26397) or higher, but interim fix available for 6.1.0.5/6.1.5.2

7.0.0.0 - recommended to apply Combined CF001 (PM25191) or higher, no individual interim fix available


Related information

Link to fixes on Fix Central
Recommended Updates


    Cross reference information
    Segment Product Component Platform Version Edition
    Enterprise Content Management IBM Web Content Manager Portal Integration AIX, HP-UX, i5/OS, IBM i, Linux, Solaris, Windows, z/OS 7.0.0.0, 6.1.5.2, 6.1.5.1, 6.1.5.0, 6.1.0.5, 6.1.0.4, 6.1.0.3, 6.1.0.2, 6.1.0.1, 6.1.0.0 Java edition
    Organizational Productivity- Portals & Collaboration Lotus Quickr for WebSphere Portal Security AIX, Linux, Windows 8.5, 8.1.1.1, 8.1.1, 8.1 All Editions
    Enterprise Content Management Workplace Web Content Management Portal Integration AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS 6.0.1.7, 6.0.1.6, 6.0.1.5, 6.0.1.4, 6.0.1.3, 6.0.1.2, 6.0.1.1 Java edition

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

WebSphere Portal
Security

Software version:

6.0.1.1, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.0.1.7, 6.1.0.0, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.0.5, 6.1.5.0, 6.1.5.1, 6.1.5.2, 7.0.0.0

Operating system(s):

AIX, HP-UX, IBM i, Linux, Solaris, Windows, i5/OS, z/OS

Software edition:

Enable, Express, Extend, Hypervisor Edition, Server

Reference #:

1460422

Modified date:

2013-08-14

Translate my page

Machine Translation

Content navigation