CVE-2015-7455

low-risk
Published 2016-02-29

IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI.

Do I need to act?

-
0.09% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.1/10 Low
NETWORK / HIGH complexity

Affected Products (6)

Affected Vendors

Ibm

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg1PI51234
http://www.ibm.com/support/docview.wss?uid=swg21975358
http://www-01.ibm.com/support/docview.wss?uid=swg1PI51234
http://www.ibm.com/support/docview.wss?uid=swg21975358
24
/ 100
low-risk
Severity 11/34 · Low
Exploitability 0/34 · Minimal
Exposure 13/34 · Low