Main Vulnerability Database Vulnerabilities #VU40770

Input validation error in WebSphere Portal - CVE-2015-1921

Published: May 25, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40770

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-1921

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
WebSphere Portal

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. <a href="http://cwe.mitre.org/data/definitions/601.html">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>

How to mitigate CVE-2015-1921

Install update from vendor's website.

Input validation error in WebSphere Portal - CVE-2015-1921

Detailed vulnerability description

How to mitigate CVE-2015-1921

Sources

Please verify you're human