CVE-2015-5001

moderate-risk

Published 2015-12-21

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a denial of service (memory consumption) via a crafted document.

Do I need to act?

0.65% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (17)

Websphere Portal

Affected Vendors

Ibm

References (6)

http://www-01.ibm.com/support/docview.wss?uid=swg1PI49540

http://www-01.ibm.com/support/docview.wss?uid=swg21970176

http://www.securitytracker.com/id/1034284

http://www-01.ibm.com/support/docview.wss?uid=swg1PI49540

http://www-01.ibm.com/support/docview.wss?uid=swg21970176

http://www.securitytracker.com/id/1034284

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 2/34 · Minimal

Exposure 19/34 · Moderate