Unvalidated JSP Includes Vulnerability in IBM WebSphere Portal

Unvalidated JSP Includes Vulnerability in IBM WebSphere Portal

CVE-2014-0954 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL.

Learn more about our Cis Benchmark Audit For Ibm Websphere.