CVE-2014-8912 — Improper Access Control in IBM Websphere Portal

CWE-284 — Improper Access Control3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.2%

top 55.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Portal

Timeline

PublishedOct 28

Latest updateMay 17

Description

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_portal32 versions+31

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-p57j-cjp4-f37p: IBM WebSphere Portal 6↗2022-05-17

▶

CVEList

CVE-2014-8912: IBM WebSphere Portal 6↗2015-10-28

▶