IBM WebSphere Portal Outside In Technology Multiple Overflows (PI07290)

low Nessus Plugin ID 73499


The remote Windows host has web portal software installed that is affected by multiple remote code execution vulnerabilities.


The version of IBM WebSphere Portal on the remote host is affected by multiple remote code execution vulnerabilities in the Outside In Technology component :

- A stack overflow in the Filters subcomponent of the OS/2 Metafile Parser. (CVE-2013-5763)

- A stack overflow in the Microsoft Access database file format parser. (CVE-2013-5791)

A remote attacker can use specially crafted files to cause a buffer overflow and execute arbitrary code.


IBM has published Interim Fix PI07290. This fix is a part of CF27 and CF10. Refer to IBM's advisory for more information.

See Also

Plugin Details

Severity: Low

ID: 73499

File Name: websphere_portal_cve-2013-5791.nasl

Version: 1.8

Type: local

Family: CGI abuses

Published: 4/14/2014

Updated: 1/19/2021

Configuration: Enable paranoid mode

Risk Information


Risk Factor: Medium

Score: 5.1


Risk Factor: Low

Base Score: 1.5

Temporal Score: 1.2

Vector: CVSS2#AV:L/AC:M/Au:S/C:N/I:N/A:P

CVSS Score Source: CVE-2013-5791

Vulnerability Information

CPE: cpe:/a:ibm:websphere_portal

Required KB Items: Settings/ParanoidReport, installed_sw/IBM WebSphere Portal

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 10/15/2013

Vulnerability Publication Date: 10/15/2013

Exploitable With

Core Impact

Reference Information

CVE: CVE-2013-5763, CVE-2013-5791

BID: 63076, 63741

CERT: 953241