Skip to main content

Tealeaf Customer Experience CVE-2015-4990

MEDIUM
Information Exposure (CWE-200)
2016-01-02 psirt@us.ibm.com
4.0
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
4.0 MEDIUM
AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jan 02, 2016 - 05:59 cve.org
MEDIUM 4.0

DescriptionCVE.org

The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by leveraging privileges during an unspecified connection type.

AnalysisAI

The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before. Rated medium severity (CVSS 4.0). No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by leveraging privileges during an unspecified connection type. Affected products include: Ibm Tealeaf Customer Experience. Version information: before 8.7.1.8818.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2015-4988 HIGH
8.6 Jan 18

Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before

CVE-2016-5996 HIGH
7.5 Sep 26

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 bef

CVE-2016-5977 MEDIUM
6.8 Sep 26

Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.

CVE-2016-5997 MEDIUM
6.5 Sep 26

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 bef

CVE-2016-5978 MEDIUM
5.4 Sep 26

Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1

CVE-2016-5975 MEDIUM
5.4 Sep 26

Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1

CVE-2016-5968 MEDIUM
5.3 Nov 25

The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and

CVE-2016-5976 MEDIUM
4.9 Sep 26

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 bef

CVE-2015-4989 LOW
3.7 Jan 02

The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.

CVE-2015-4961 LOW
2.6 Nov 24

IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.11

Share

CVE-2015-4990 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy