Description
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control settings to the out of the box configuration during Combined Cumulative Fix (CF) installation. This can lead to security miss-configuration of the installation. IBM X-Force ID: 138950.
References (3)
Core 3
Core References
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/138950
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/docview.wss?uid=swg22014276
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041767
Scores
CVSS v3
5.3
EPSS
0.0014
EPSS Percentile
33.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-732
Status
published
Products (5)
ibm/websphere_portal
7.0.0.0
ibm/websphere_portal
7.0.0.1 (11 CPE variants)
ibm/websphere_portal
7.0.0.2 (20 CPE variants)
ibm/websphere_portal
8.0.0.0 (7 CPE variants)
ibm/websphere_portal
8.0.0.1 (11 CPE variants)
Published
Oct 01, 2018
Tracked Since
Feb 18, 2026