A URL manipulation security vulnerability has been found in the dojo module for WebSphere Portal versions 7.0.0.x and 8.0.
APAR PM64172 has been provided to address this issue.
The apar is included in CF14 for WebSphere Portal v220.127.116.11 and v18.104.22.168, and is available as an interim fix for WebSphere Portal v8.
This is a critical problem. When i simulate the attack i got the administrator password from security.xml