CVE-2015-1886 : The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 throu

The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05 allows remote attackers to cause a denial of service (memory consumption) via crafted requests.

Published 2015-04-27 11:59:05

Updated 2025-04-12 10:46:41

Source IBM Corporation

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2015-1886

IBM » Websphere Portal » Version: 6.1.0.0
cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.0
cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.5.0
cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 8.0.0.0
cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.0.1
cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.0.2
cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.0.3
cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.1
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 8.0.0.1
cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.5.1
cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.0.4
cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.5.2
cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.5.3
cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.0.5
cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.0.6
cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 8.5.0.0
cpe:2.3:a:ibm:websphere_portal:8.5.0.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-1886

EPSS FAQ

1.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 78 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-1886

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2015-1886

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-1886

http://www.securityfocus.com/bid/74216

IBM WebSphere Portal CVE-2015-1886 Unspecified Denial of Service Vulnerability
Third Party Advisory;VDB Entry
http://www-01.ibm.com/support/docview.wss?uid=swg1PI37356

IBM notice: The page you requested cannot be displayed
http://www-01.ibm.com/support/docview.wss?uid=swg21701566

IBM Security Bulletin: Fixes available for Security Vulnerabilities in IBM WebSphere Portal (CVE-2015-1886; CVE-2015-1908)
Patch;Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1032189

IBM WebSphere Portal Input Validation Flaws Permits Remote Denial of Service and Cross-Site Scripting Attacks - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-1886

Products affected by CVE-2015-1886

Exploit prediction scoring system (EPSS) score for CVE-2015-1886

CVSS scores for CVE-2015-1886

CWE ids for CVE-2015-1886

References for CVE-2015-1886