CVE-2015-1887

Name of the Vulnerable Software and Affected Versions IBM WebSphere Portal versions 7.0.0 through 7.0.0.2 CF29 IBM WebSphere Portal versions 8.0.0 through 8.0.0 before 8.0.0.1 CF17 IBM WebSphere Portal versions 8.5.0 through 8.5.0 before CF06

Description The issue allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request. This is due to a lack of protection for service data in the IBM WebSphere Portal user interface, which can be exploited by a remote attacker to access protected JCR information using a specially formed request.

Recommendations For versions 7.0.0 through 7.0.0.2 CF29, update to a version after 7.0.0.2 CF29. For versions 8.0.0 through 8.0.0 before 8.0.0.1 CF17, update to 8.0.0.1 CF17 or later. For versions 8.5.0 through 8.5.0 before CF06, update to 8.5.0 CF06 or later.