Description
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code.
References (4)
Core 4
Core References
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI22104
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61126
Patch x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21684652
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/94658
Scores
EPSS
0.0164
EPSS Percentile
73.5%
Details
CWE
CWE-200
Status
published
Products (14)
ibm/websphere_portal
6.1.0.0
ibm/websphere_portal
6.1.0.1
ibm/websphere_portal
6.1.0.2
ibm/websphere_portal
6.1.0.3
ibm/websphere_portal
6.1.0.4
ibm/websphere_portal
6.1.0.5
ibm/websphere_portal
6.1.0.6 (12 CPE variants)
ibm/websphere_portal
6.1.5.0
ibm/websphere_portal
6.1.5.1
ibm/websphere_portal
6.1.5.2
... and 4 more
Published
Oct 10, 2014
Tracked Since
Feb 18, 2026