Vulnerability Details : CVE-2014-4792
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files.
Vulnerability category: Denial of service
Products affected by CVE-2014-4792
- cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.0.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf06:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf12:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf27:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf27:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf28:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf13:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_portal:8.5.0.0:cf01:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-4792
0.27%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 63 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-4792
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2014-4792
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4792
-
http://www-01.ibm.com/support/docview.wss?uid=swg1PI23334
IBM notice: The page you requested cannot be displayed
-
http://www-01.ibm.com/support/docview.wss?uid=swg21681998
IBM Security Bulletin: Fixes available for Security Vulnerabilities in IBM WebSphere Portal (CVE-2014-4762; CVE-2014-4792)Patch;Vendor Advisory
-
http://secunia.com/advisories/61204
Sign in
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/95204
IBM WebSphere Portal large file upload denial of service CVE-2014-4792 Vulnerability Report
Jump to