Several versions of WebSphere Portar are vulnerable.
BM WebSphere Portal could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to resources located within web applications. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.
How to fix this vulnerability ? Go to this link from IBM