| Vulnerability Name: | CVE-2015-7447 (CCN-108199) | ||||||||||||
| Assigned: | 2015-12-15 | ||||||||||||
| Published: | 2015-12-15 | ||||||||||||
| Updated: | 2016-12-07 | ||||||||||||
| Summary: | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified vectors. | ||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) 4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-200 | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2015-7447 Source: AIXAPAR Type: UNKNOWN PI51395 Source: CONFIRM Type: Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21973152 Source: CCN Type: IBM Security Bulletin 1973152 (WebSphere Portal) Fix available for Information Disclosure Vulnerability in IBM WebSphere Portal (CVE-2015-7447) Source: BID Type: UNKNOWN 79511 Source: CCN Type: BID-79511 IBM WebSphere Portal CVE-2015-7447 Information Disclosure Vulnerability Source: SECTRACK Type: UNKNOWN 1034538 Source: XF Type: UNKNOWN ibm-websphere-cve20157447-info-disc(108199) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||