PM01342: AUTHORIZATION PROBLEMS IN WEBSPHERE PORTAL

APAR status

Closed as program error.

Error description

IBM has identified a serious vulnerability in IBM WebSphere
Portal in a functional component that makes it possible for
remote attackers to bypass normal WebSphere Portal server
security. Through this attack, an intruder might be able to
execute administrative commands without proper authority.
CVSS Base Score
  4.9
    Impact Subscore
      6.4
    Exploitability Subscore
      4.4
CVSS Temporal Score
  3.6
CVSS Environmental Score
  6.2
    Modified Impact Subscore
      6.4
Overall CVSS Score 6.2

Local fix

```
No workaround available
```

Problem summary

IBM has identified a serious vulnerability in IBM WebSphere
Portal in a functional component that makes it possible for
remote attackers to bypass normal WebSphere Portal server
security. Through this attack, an intruder might be able to
execute administrative commands without proper authority.

   CVSS Base Score
     4.9
       Impact Subscore
         6.4
       Exploitability Subscore
         4.4
   CVSS Temporal Score
     3.6
   CVSS Environmental Score
     6.2
       Modified Impact Subscore
         6.4
   Overall CVSS Score 6.2

Problem conclusion

User rights are now correctly enforced.

Manual Steps:
   None

Failing Module(s):
   Composite Applications

Affected Users:
   All users

Version Information:
    Portal Version(s): 6.1.5.0
     Pre-Requisite(s):
      Co-Requisite(s): ---

Platform Specific:
   This fix applies to all platforms.

A fix is available from Fix Central:

http://www.ibm.com/eserver/support/fixes/fixcentral/swgquickorde
r?apar=PM01342&productid=WebSphere%20Portal&brandid=5

You may need to type or paste the complete address into your Web
browser.

Temporary fix

Comments

APAR Information

APAR number
PM01342
Reported component name
WEBSPHERE PORTA
Reported component ID
5724E7600
Reported release
615
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-11-17
Closed date
2010-02-04
Last modified date
2010-02-04

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
WEBSPHERE PORTA
Fixed component ID
5724E7600

Applicable component levels

R615 PSY
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSHRKX","label":"WebSphere Portal"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1.5","Line of Business":{"code":"LOB31","label":"WCE Watson Marketing and Commerce"}}]

Document Information

Modified date:
21 December 2021

Tips

PM01342: AUTHORIZATION PROBLEMS IN WEBSPHERE PORTAL

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R615 PSY

Document Information

Share your feedback

Need support?