Unvalidated JSP Includes Vulnerability in IBM WebSphere Portal
CVE-2014-0954 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL.
Learn more about our Cis Benchmark Audit For Ibm Websphere.