URL manipulation security vulnerabilities for IBM WebSphere Portal may allow a remote attacker to traverse directories on the system and view information contained in files. These vulnerabilities are susceptible to an exploit in the wild. Please review the updated security bulletins (see links below).
CVE(s): CVE-2012-2181 and CVE-2012-4834
Affected product(s): IBM WebSphere Portal
Affected version(s): 7.0.0.x and 8.0
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21598363
X-Force Database: http://xforce.iss.net/xforce/xfdb/75584
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21617713
X-Force Database: http://xforce.iss.net/xforce/xfdb/78914