CVSS2: 6.8 Medium
- Access Vector: NETWORK
- Access Complexity: MEDIUM
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: PARTIAL
- Availability Impact: PARTIAL
- Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.009 Low (Percentile: 82.7%)
Incorrect setting for serveServletsbyClassname could allow a remote attacker on WebSphere Application Server to gain elevated privileges on the system for FTM for Check Services and FTM for Corporate Payment Services
**CVEID:** CVE-2015-1927
**DESCRIPTION:** IBM WebSphere Application Server could allow a remote attacker to gain elevated privileges on the system, caused by an application not having the correct serveServletsbyClassname setting. If a developer does not set the property correctly, an attacker could exploit this vulnerability to gain unauthorized access.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102872 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
- FTM for Check v2.1.1.8
- FTM for CPS v2.1.1.0
| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| FTM for Check Services | 2.1.1.8 | PI46336 | Apply 2.1.1-FTM-CHECK-MP-fp0009 or later. |
| FTM for Corporate Payment Services | 2.1.1.0 | PI41632 | Apply 2.1.1-FTM-CPS-MP-fp0001 or later. |
This has been fixed in WebSphere Application Server - refer to security bulletin http://www.ibm.com/support/docview.wss?uid=swg21959083
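The description above ties the issue to an application's serveServletsbyClassname setting. The following Python script is an added example, not code from IBM's bulletin or from FTM, that reports how a WAR's IBM web extension descriptor sets it. The descriptor paths, the `enable-serving-servlets-by-class-name` element and the `serveServletsByClassnameEnabled` attribute are the names WebSphere uses for this setting and do not appear in the bulletin; the sample descriptors are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Assumed descriptor locations inside a WAR (not named in the bulletin).
DESCRIPTORS = ("WEB-INF/ibm-web-ext.xml", "WEB-INF/ibm-web-ext.xmi")

def classname_serving_state(descriptor: bytes) -> str:
    """Return 'enabled', 'disabled' or 'unset' for one descriptor."""
    root = ET.fromstring(descriptor)
    # .xmi format: attribute on the root WebAppExtension element.
    value = root.get("serveServletsByClassnameEnabled")
    if value is None:
        # .xml format: <enable-serving-servlets-by-class-name value="..."/>
        for elem in root.iter():
            if elem.tag.rsplit("}", 1)[-1] == "enable-serving-servlets-by-class-name":
                value = elem.get("value")
                break
    if value is None:
        return "unset"  # not explicit: the server default applies, review it
    return "enabled" if value.strip().lower() == "true" else "disabled"

def audit_war(war: bytes) -> dict:
    """Map each IBM web extension descriptor found in a WAR to its state."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(war)) as zf:
        for name in zf.namelist():
            if name in DESCRIPTORS:
                findings[name] = classname_serving_state(zf.read(name))
    return findings or {"(no descriptor)": "unset"}

def make_war(name: str, body: str) -> bytes:
    """Build a constructed sample WAR in memory holding one file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample descriptors, not taken from any FTM package.
XMI_ON = ('<webappext:WebAppExtension xmlns:webappext="webappext.xmi" '
          'serveServletsByClassnameEnabled="true"/>')
XML_OFF = ('<web-ext xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.0">'
           '<enable-serving-servlets-by-class-name value="false"/></web-ext>')
XML_UNSET = '<web-ext xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.0"/>'
SAMPLES = [(DESCRIPTORS[1], XMI_ON), (DESCRIPTORS[0], XML_OFF), (DESCRIPTORS[0], XML_UNSET)]

if __name__ == "__main__":
    for name, body in SAMPLES:
        print(audit_war(make_war(name, body)))
```

An `unset` result means the application does not state the value explicitly, so the effective behaviour depends on the server level and should be reviewed after applying the fix packs listed above.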
CPE

| Name | Operator | Version |
|---|---|---|
| ibm financial transaction manager | eq | 2.1.1.8 |
| ibm financial transaction manager | eq | 2.1.1.0 |