IBM Web Content Manager 'LIBRARY' Parameter XPath Injection Vulnerability

Summary
IBM Web Content Manager is prone to an XPath-injection vulnerability.
Impact
An attacker can exploit this issue by manipulating the XPath query logic to carry out unauthorized actions on the application.
Solution
Updates are available. Please see the references or vendor advisory for more information.
Insight
Due to insufficient validation, the 'LIBRARY' element is vulnerable to XPath injection. An unauthenticated user can perform blind XPath injection attacks, e.g. to get the current application configuration, enumerate nodes and extract other valuable information from vulnerable installations of Web Content Manager.
Affected
IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, 8.0.0.x through 8.0.0.1 CF08
Detection
Send specially crafted HTTP GET requests and check the response.
References