IBM WebSphere Portal Information Leakage Vulnerability (CVE-2014-3056)
IBM WebSphere Portal Information Leakage Vulnerability (CVE-2014-3056)
Release date:
Updated on:
Affected Systems:
IBM Websphere Portal 8.x
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-3056
IBM WebSphere Portal is a framework that includes runtime servers, services, tools, and many other features-you can use these features to integrate an enterprise into a single customizable interface called a Portal.
The uniied Task List (UTL) Portlet of WebSphere Portal 7.x, 8. x-8.0.0.1 CF12 has multiple vulnerabilities in implementation, which allows remote attackers to obtain sensitive information about environment variables and JAR versions.
<* Source: IBM (ncsupp@ca.ibm.com)
Link: https://www-304.ibm.com/support/docview.wss? Uid = swg21677032
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://xforce.iss.net/xforce/xfdb/93529
Http://www.ibm.com/support/fixcentral/
This article permanently updates the link address: