What is the severity of CVE-2015-7447?

CVE-2015-7447 has been assigned a high severity level due to its potential for remote attackers to bypass access controls.

How do I fix CVE-2015-7447?

To fix CVE-2015-7447, update your IBM WebSphere Portal to a version that is not affected, specifically versions after the specified CF updates.

What types of sensitive information can be exposed by CVE-2015-7447?

CVE-2015-7447 can allow remote attackers to access sensitive information that is intended to be restricted by access controls.

Which IBM WebSphere Portal versions are affected by CVE-2015-7447?

CVE-2015-7447 affects IBM WebSphere Portal versions from 6.1.0 through to 8.5.0 before specific cumulative fixes.

Is there a workaround for CVE-2015-7447?

A temporary workaround for CVE-2015-7447 may involve restricting access to the Portal AccessControl REST API until the software can be updated.

Vulnerability/
CVE-2015-7447

medium

5.3

CWE

200

31/12/2015

6/8/2024

CVE-2015-7447: Infoleak

First published: Thu Dec 31 2015(Updated: )

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified vectors.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM WebSphere Portal	=6.1.0.0
IBM WebSphere Portal	=6.1.0.1
IBM WebSphere Portal	=6.1.0.2
IBM WebSphere Portal	=6.1.0.3
IBM WebSphere Portal	=6.1.0.4
IBM WebSphere Portal	=6.1.0.5
IBM WebSphere Portal	=6.1.0.6
IBM WebSphere Portal	=6.1.5.0
IBM WebSphere Portal	=6.1.5.1
IBM WebSphere Portal	=6.1.5.2
IBM WebSphere Portal	=6.1.5.3
IBM WebSphere Portal	=7.0.0.0
IBM WebSphere Portal	=7.0.0.1
IBM WebSphere Portal	=7.0.0.2
IBM WebSphere Portal	=8.0.0.0
IBM WebSphere Portal	=8.0.0.1
IBM WebSphere Portal	=8.5.0.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-7447?
CVE-2015-7447 has been assigned a high severity level due to its potential for remote attackers to bypass access controls.
How do I fix CVE-2015-7447?
To fix CVE-2015-7447, update your IBM WebSphere Portal to a version that is not affected, specifically versions after the specified CF updates.
What types of sensitive information can be exposed by CVE-2015-7447?
CVE-2015-7447 can allow remote attackers to access sensitive information that is intended to be restricted by access controls.
Which IBM WebSphere Portal versions are affected by CVE-2015-7447?
CVE-2015-7447 affects IBM WebSphere Portal versions from 6.1.0 through to 8.5.0 before specific cumulative fixes.
Is there a workaround for CVE-2015-7447?
A temporary workaround for CVE-2015-7447 may involve restricting access to the Portal AccessControl REST API until the software can be updated.

agent/softwarecombine
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/severity
agent/weakness
agent/type
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm websphere portal
version/ibm websphere portal/6.1.0.0
version/ibm websphere portal/6.1.0.1
version/ibm websphere portal/6.1.0.2
version/ibm websphere portal/6.1.0.3
version/ibm websphere portal/6.1.0.4
version/ibm websphere portal/6.1.0.5
version/ibm websphere portal/6.1.0.6
version/ibm websphere portal/6.1.5.0
version/ibm websphere portal/6.1.5.1
version/ibm websphere portal/6.1.5.2
version/ibm websphere portal/6.1.5.3
version/ibm websphere portal/7.0.0.0
version/ibm websphere portal/7.0.0.1
version/ibm websphere portal/7.0.0.2
version/ibm websphere portal/8.0.0.0
version/ibm websphere portal/8.0.0.1
version/ibm websphere portal/8.5.0.0