VIR Vulnerability Intelligence Relay

CVE-2015-4961

low
Published 2016-11-24 · Modified 2026-05-06
CVSS v3
2.6
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v2
2.9
VIR risk
2.6

Description

IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 does not encrypt connections between internal servers, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.

Predictions

Exploit likelihood
28%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21965077

Application impact
VendorProductVersionsFixed
ibm ibmtealeaf_customer_experience{"endIncluding":"8.6"}
ibm ibmtealeaf_customer_experience8.7
ibm ibmtealeaf_customer_experience8.8
ibm ibmtealeaf_customer_experience9.0.0
ibm ibmtealeaf_customer_experience9.0.0a
ibm ibmtealeaf_customer_experience9.0.1
ibm ibmtealeaf_customer_experience9.0.1a
ibm ibmtealeaf_customer_experience9.0.2
ibm ibmtealeaf_customer_experience9.0.2a

References

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.