fkie_cve-2014-3056
Vulnerability from fkie_nvd
Published
2014-07-29 20:55
Modified
2024-11-21 02:07
Severity ?
Summary
The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*",
"matchCriteriaId": "041D220D-2088-4633-B1AA-8902AD1C6BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*",
"matchCriteriaId": "53B376AE-7AA9-4362-9CB2-17B3AB783FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*",
"matchCriteriaId": "84D744C2-DA4B-4F04-894F-7820FDC49A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*",
"matchCriteriaId": "4713D128-6C5F-4362-A0E2-363F81D9BCA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*",
"matchCriteriaId": "67E76EE5-B618-49AA-A489-1BD7E45D391F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*",
"matchCriteriaId": "DC001899-F77A-4EED-BC6D-8400FF4354EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*",
"matchCriteriaId": "05426398-FE6A-4E4A-9C46-4675B5FAD915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*",
"matchCriteriaId": "29E0A9B5-945C-4859-BE83-56B34544350B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*",
"matchCriteriaId": "10E59411-D50B-4A34-84C7-7563D301764A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4FF84B-A17F-464B-A718-67C44D2C69BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6007CA87-31CA-44AB-AB7F-788E17AB85F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*",
"matchCriteriaId": "B469E735-0DCE-4616-B3FE-DED75FEAC642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*",
"matchCriteriaId": "E0ACFABA-E470-4043-B8E7-ACE2F9781D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*",
"matchCriteriaId": "8D2FA62F-EEB7-4312-9359-FDA8E4743A81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*",
"matchCriteriaId": "5D8ABD15-49DE-4C4A-B9C0-5696BC1899C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*",
"matchCriteriaId": "A2D98D3D-18DC-47CF-BED8-CD61A531D858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*",
"matchCriteriaId": "9326CFC3-D9A7-43CE-8673-FD009F7A1F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*",
"matchCriteriaId": "B34D73EE-1E9D-4896-B2A2-D1463C13F399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*",
"matchCriteriaId": "96B7FB90-D1F8-4D83-B954-A1990400BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*",
"matchCriteriaId": "CE4C07B8-CC26-4F83-8BA8-8702594CBB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*",
"matchCriteriaId": "22C95FC9-0342-4ACC-B4F8-052554771D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*",
"matchCriteriaId": "62AA773F-7D18-41F7-8561-81D83336E6FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*",
"matchCriteriaId": "2C17D73E-9F0B-4C11-8C1D-A3987DED44F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*",
"matchCriteriaId": "53DDB154-F94B-47F8-964B-34EFE2C99370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*",
"matchCriteriaId": "10FCF563-A945-425A-A577-37867CF05CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*",
"matchCriteriaId": "8373D2A7-EC57-4336-A877-B5D262F05191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*",
"matchCriteriaId": "0A005963-7EF6-40D4-A54B-E3749ED5B587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*",
"matchCriteriaId": "4210F236-A2B1-49F2-A16E-65BB513ECBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*",
"matchCriteriaId": "8A5566C6-E42F-4786-A8FC-59BE7EB47296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*",
"matchCriteriaId": "31C0EC0E-0106-4333-8401-0F655C0F5850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*",
"matchCriteriaId": "E0E4DA0C-9F97-4856-B9DE-D96994A65B71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*",
"matchCriteriaId": "4180809C-4A1E-4DB4-9E7C-641B753B97D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*",
"matchCriteriaId": "5A60A788-F7B3-4922-8B30-8F586B1685CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F40E0F5-B964-4BDC-828E-7571619F7C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*",
"matchCriteriaId": "9A07791C-5EDE-4C2B-A441-6599339ED43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*",
"matchCriteriaId": "CE6F9920-B458-496B-B0C0-BF8B85606BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*",
"matchCriteriaId": "8B2C78E9-EB40-42C0-A772-6203555D5E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*",
"matchCriteriaId": "A910F5CA-8257-420E-8D31-6BB0E4CFC963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*",
"matchCriteriaId": "462CF706-A352-40EE-8158-3A2197FE4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*",
"matchCriteriaId": "0AF93EAB-BDBC-4C20-9BD2-AACC95CD8355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*",
"matchCriteriaId": "3D660652-D318-44B8-996A-6E56F4D71F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_portal_unified_task_list_portlet:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF937A0D-82F0-4382-97DA-D9EAEC8444ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors."
},
{
"lang": "es",
"value": "El portlet Unified Task List (UTL) para IBM WebSphere Portal 7.x y 8.x hasta 8.0.0.1 CF12 permite a atacantes remotos obtener informaci\u00f3n potencialmente sensible a cerca de las variables de entornos y las versiones JAR a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-3056",
"lastModified": "2024-11-21T02:07:23.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-29T20:55:08.287",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://secunia.com/advisories/60499"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI18909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93530"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.