Main Vulnerability Database Vulnerabilities #VU40700

Information disclosure in WebSphere Portal - CVE-2015-1887

Published: July 14, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40700

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-1887

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
WebSphere Portal

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request.

How to mitigate CVE-2015-1887

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/75475
http://www.securitytracker.com/id/1032970
http://www-01.ibm.com/support/docview.wss?uid=swg1PI36150
http://www-01.ibm.com/support/docview.wss?uid=swg21958024

Information disclosure in WebSphere Portal - CVE-2015-1887

Detailed vulnerability description

How to mitigate CVE-2015-1887

Sources

Please verify you're human