Description
Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI.
References (6)
Core References
Third Party Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/51281
Patch, Third Party Advisory [x_refsource_confirm]: http://www.ibm.com/support/docview.wss?uid=swg24033155
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_xf]: https://exchange.xforce.ibmcloud.com/vulnerabilities/78914
Patch, Vendor Advisory [x_refsource_confirm]: http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_theme_component_for_websphere_portal_versions_7_0_0_x_and_8_0_cve2012_48344
Patch, Vendor Advisory [x_refsource_confirm]: http://www.ibm.com/support/docview.wss?uid=swg21617713
Vendor Advisory [vendor-advisory, x_refsource_aixapar]: http://www-01.ibm.com/support/docview.wss?uid=swg1PM76354
Scores
EPSS: 0.0313
EPSS Percentile: 86.3%
Details
CWE: CWE-22
Status: published
Products (3)
ibm/websphere_portal 7.0.0.1 (18 CPE variants)
ibm/websphere_portal 7.0.0.2 (18 CPE variants)
ibm/websphere_portal 8.0.0.0 (3 CPE variants)
Published: Nov 30, 2012
Tracked Since: Feb 18, 2026