Input validation error in WebSphere Portal - CVE-2015-7472

 

Published: February 15, 2016 / Updated: August 9, 2020


Vulnerability identifier: #VU40481
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2015-7472
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software: WebSphere Portal

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors.

CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') - https://cwe.mitre.org/data/definitions/90.html


How to mitigate CVE-2015-7472

Install the update from the vendor's website.
