Lucene search

IbmCVE-2015-7418

HistoryFeb 08, 2017 - 10:59 p.m.

CVE-2015-7418

2017-02-0822:59:00

CWE-200

ibm

web.nvd.nist.gov

ibm

websphere

extreme scale

datapower

xc10

appliance

vulnerability

sensitive data

memory

local user

administrator privileges

security

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

Percentile

5.1%

JSON

IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information.

Affected configurations

Nvd

Vulners

Node

ibmwebsphere_extreme_scaleMatch7.1.0

ibmwebsphere_extreme_scaleMatch7.1.1

ibmwebsphere_extreme_scaleMatch8.5

ibmwebsphere_extreme_scaleMatch8.6

VendorProductVersionCPE
ibmwebsphere_extreme_scale7.1.0cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0:*:*:*:*:*:*:*
ibmwebsphere_extreme_scale7.1.1cpe:2.3:a:ibm:websphere_extreme_scale:7.1.1:*:*:*:*:*:*:*
ibmwebsphere_extreme_scale8.5cpe:2.3:a:ibm:websphere_extreme_scale:8.5:*:*:*:*:*:*:*
ibmwebsphere_extreme_scale8.6cpe:2.3:a:ibm:websphere_extreme_scale:8.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_extreme_scale	7.1.0	cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0:::::::*
ibm	websphere_extreme_scale	7.1.1	cpe:2.3:a:ibm:websphere_extreme_scale:7.1.1:::::::*
ibm	websphere_extreme_scale	8.5	cpe:2.3:a:ibm:websphere_extreme_scale:8.5:::::::*
ibm	websphere_extreme_scale	8.6	cpe:2.3:a:ibm:websphere_extreme_scale:8.6:::::::*

CNA Affected

[
  {
    "product": "WebSphere DataPower XC10 Appliance",
    "vendor": "IBM Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      },
      {
        "status": "affected",
        "version": "2.0"
      },
      {
        "status": "affected",
        "version": "2.1"
      },
      {
        "status": "affected",
        "version": "2.1.0.3"
      },
      {
        "status": "affected",
        "version": "2.0.0.1"
      },
      {
        "status": "affected",
        "version": "2.0.0.2"
      },
      {
        "status": "affected",
        "version": "2.0.0.3"
      },
      {
        "status": "affected",
        "version": "2.1.0.1"
      },
      {
        "status": "affected",
        "version": "2.1.0.2"
      },
      {
        "status": "affected",
        "version": "2.5"
      },
      {
        "status": "affected",
        "version": "2.5.0.1"
      }
    ]
  }
]

References

www.ibm.com/support/docview.wss?uid=swg21971657

www.securityfocus.com/bid/83634

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2015-7418