CVE-2012-4834

IBM WebSphere Portal <8.0 - Path Traversal

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI.

References (6)

Core 6
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51281
Patch, Third Party Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg24033155
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/78914
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21617713
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PM76354

Scores

EPSS 0.0313
EPSS Percentile 86.3%

Details

CWE
CWE-22
Status published
Products (3)
ibm/websphere_portal 7.0.0.1 (18 CPE variants)
ibm/websphere_portal 7.0.0.2 (18 CPE variants)
ibm/websphere_portal 8.0.0.0 (3 CPE variants)
Published Nov 30, 2012
Tracked Since Feb 18, 2026