CVE-2015-7472

moderate-risk

Published 2016-02-15

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection attacks, and consequently read or write to repository data, via unspecified vectors.

Do I need to act?

0.22% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.2/10 High

NETWORK / LOW complexity

Affected Products (17)

Websphere Portal

Affected Vendors

Ibm

References (6)

http://www-01.ibm.com/support/docview.wss?uid=swg1PI53426

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21972736

http://www.securitytracker.com/id/1035324

http://www-01.ibm.com/support/docview.wss?uid=swg1PI53426

Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21972736

http://www.securitytracker.com/id/1035324

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 19/34 · Moderate