ID CVE-2015-7472
Summary IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors. CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') - https://cwe.mitre.org/data/definitions/90.html
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 03-12-2016 - 03:12)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
aixapar PI53426
confirm http://www-01.ibm.com/support/docview.wss?uid=swg21972736
sectrack 1035324
Last major update 03-12-2016 - 03:12
Published 15-02-2016 - 02:59
Back to Top