CVE-2013-4006
Description
IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem operations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM WebSphere Liberty Profile 8.5 before 8.5.5.1 uses weak file permissions, allowing local users to obtain sensitive information.
Vulnerability
IBM WebSphere Application Server (WAS) Liberty Profile versions 8.5 prior to 8.5.5.1 contain a vulnerability where unspecified files are created with weak permissions. This allows local users to read sensitive information through standard filesystem operations. The affected versions are Liberty Profile 8.5.0.0 through 8.5.5.0.
Exploitation
An attacker with local access to the system can exploit this vulnerability by simply reading the affected files using standard filesystem commands. No authentication beyond local user access is required, and no user interaction is needed.
Impact
Successful exploitation leads to the disclosure of sensitive information contained in the files with weak permissions. The impact is limited to confidentiality, as the attacker can read but not modify or delete the files.
Mitigation
IBM released Fix Pack 8.5.5.1 to address this vulnerability. Users should upgrade to version 8.5.5.1 or later. No workarounds are documented in the available references [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:-:liberty_profile:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:-:liberty_profile:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:-:liberty_profile:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:-:liberty_profile:*:*:*:*:*
- Range: <8.5.5.1
Patches
No patches discovered yet.
References (3)
News mentions (0)
No linked articles in our index yet.