History: Jun 16, 2018 - 7:46 p.m.

Security Bulletin: Incorrect setting for serveServletsbyClassname can affect FTM for Check Services and FTM for Corporate Payment Services (CVE-2015-1927)

2018-06-16 19:46:53
www.ibm.com

CVSS2: 6.8 Medium

- Access Vector: NETWORK
- Access Complexity: MEDIUM
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: PARTIAL
- Availability Impact: PARTIAL

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.009 Low (Percentile: 82.7%)

Summary

An incorrect setting for serveServletsbyClassname could allow a remote attacker on WebSphere Application Server to gain elevated privileges on the system for FTM for Check Services and FTM for Corporate Payment Services.

Vulnerability Details

**CVEID:** CVE-2015-1927
**DESCRIPTION:** IBM WebSphere Application Server could allow a remote attacker to gain elevated privileges on the system, caused by an application not having the correct serveServletsbyClassname setting. If a developer does not set the property correctly, an attacker could exploit this vulnerability to gain unauthorized access.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102872 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products and Versions

- FTM for Check v2.1.1.8

- FTM for CPS v2.1.1.0

Remediation/Fixes

| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| FTM for Check Services | 2.1.1.8 | PI46336 | Apply 2.1.1-FTM-CHECK-MP-fp0009 or later. |
| FTM for Corporate Payment Services | 2.1.1.0 | PI41632 | Apply 2.1.1-FTM-CPS-MP-fp0001 or later. |

Workarounds and Mitigations

This has been fixed in WebSphere Application Server - refer to security bulletin http://www.ibm.com/support/docview.wss?uid=swg21959083
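
To confirm how deployed web modules set this property, the sketch below reports the value found in each module's WebSphere extension descriptor. It is an added example, not code from IBM or this bulletin, and it assumes the setting appears as a `serveServletsByClassnameEnabled` attribute in `ibm-web-ext.xmi` or as an `enable-serving-servlets-by-class-name` element in `ibm-web-ext.xml`; the bulletin itself only names "serveServletsbyClassname", and the sample descriptors are constructed.

```python
import os
import sys
import xml.etree.ElementTree as ET

# Constructed sample descriptors (not taken from FTM or any real application).
SAMPLE_XMI = ('<webappext:WebAppExtension xmlns:webappext="webappext.xmi" '
              'serveServletsByClassnameEnabled="true"/>')
SAMPLE_XML = ('<web-ext xmlns="http://websphere.ibm.com/xml/ns/javaee">'
              '<enable-serving-servlets-by-class-name value="false"/></web-ext>')

def _local(name):
    """Drop an XML namespace ({uri}name) from a tag or attribute name."""
    return name.rsplit("}", 1)[-1]

def serve_by_classname(text):
    """Return True/False for the setting, or None when the descriptor omits it."""
    root = ET.fromstring(text)
    # Assumed ibm-web-ext.xmi form: attribute on the root element.
    for key, value in root.attrib.items():
        if _local(key) == "serveServletsByClassnameEnabled":
            return value.strip().lower() == "true"
    # Assumed ibm-web-ext.xml form: child element with a value attribute.
    for elem in root.iter():
        if _local(elem.tag) == "enable-serving-servlets-by-class-name":
            return elem.get("value", "").strip().lower() == "true"
    return None

def audit(descriptors):
    """Map {name: xml_text} to {name: finding}; bad XML is reported, not fatal."""
    labels = {True: "ENABLED", False: "disabled", None: "not set"}
    findings = {}
    for name, text in descriptors.items():
        try:
            findings[name] = labels[serve_by_classname(text)]
        except ET.ParseError:
            findings[name] = "unparseable"
    return findings

if __name__ == "__main__":
    # Usage: python check_descriptors.py <expanded-application-directory>
    found = {}
    for base, _dirs, files in os.walk(sys.argv[1] if len(sys.argv) > 1 else "."):
        for fname in files:
            if fname in ("ibm-web-ext.xml", "ibm-web-ext.xmi"):
                with open(os.path.join(base, fname), "rb") as fh:
                    found[os.path.join(base, fname)] = fh.read()
    for path, finding in sorted(audit(found).items()):
        print(f"{finding:12} {path}")
```

A module reported as "not set" inherits the server's default, so review it against the WebSphere Application Server bulletin referenced above.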
