Permissions, Privileges, and Access Controls in WebSphere Portal - CVE-2015-7455

 


Published: February 29, 2016 / Updated: August 9, 2020


Vulnerability identifier: #VU40441
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-7455
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software:
WebSphere Portal

Detailed vulnerability description

The vulnerability allows a remote authenticated user to manipulate data.

IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI.

Vendor advisory: http://www-01.ibm.com/support/docview.wss?uid=swg21976358


How to mitigate CVE-2015-7455

Install the update from the vendor's website.
