CVE-2016-5954

moderate-risk

Published 2016-09-12

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files.

Do I need to act?

0.62% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (17)

Websphere Portal

Affected Vendors

Ibm

References (8)

Not Applicable http://www-01.ibm.com/support/docview.wss?uid=swg1PI67037

Patch http://www-01.ibm.com/support/docview.wss?uid=swg21989993

http://www.securityfocus.com/bid/93017

http://www.securitytracker.com/id/1036762

Not Applicable http://www-01.ibm.com/support/docview.wss?uid=swg1PI67037

Patch http://www-01.ibm.com/support/docview.wss?uid=swg21989993

http://www.securityfocus.com/bid/93017

http://www.securitytracker.com/id/1036762

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 2/34 · Minimal

Exposure 19/34 · Moderate