CVE-2015-4989

LOW

IBM Tealeaf Customer Experience < 8.6 - Information Disclosure

Title source: rule
STIX 2.1

Description

The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary charts by specifying an internal chart name.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21968866

Scores

CVSS v3 3.7
EPSS 0.0092
EPSS Percentile 56.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (9)
ibm/tealeaf_customer_experience 8.7
ibm/tealeaf_customer_experience 8.8
ibm/tealeaf_customer_experience 9.0.0
ibm/tealeaf_customer_experience 9.0.0a
ibm/tealeaf_customer_experience 9.0.1
ibm/tealeaf_customer_experience 9.0.1a
ibm/tealeaf_customer_experience 9.0.2
ibm/tealeaf_customer_experience 9.0.2a
ibm/tealeaf_customer_experience < 8.6
Published Jan 02, 2016
Tracked Since Feb 18, 2026