IBM10307B3EE55A7A9570E5032DE6E31F27811A99F9555CB48E0F5A00E5A00993ECSecurity Bulletin: Vulnerability affects WebSphere Application Server shipped with IBM Security Identity Manager (CVE-2015-1920)
0.008 Low
EPSS
Percentile
82.2%
Summary
WebSphere Application Server shipped as a component of IBM Security Identity Manager could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions.
Vulnerability Details
CVEID: CVE-2015-1920 **
DESCRIPTION:** WebSphere Application Server could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions.
CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102404 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Affected Products and Versions
Principal Product and Version(s)
| Affected Supporting Product and Version
β|β
IBM Security Identity Manager version 7.0| N/A. Apply ISIM fix pack.
IBM Security Identity Manager version 6.0| WebSphere Application Server version 7.0
IBM Tivoli Identity Manager version 5.1| WebSphere Application Server versions 6.1 and 7.0
Remediation/Fixes
Product and Version
| Fixes
β|β
IBM Security Identity Manager 7.0| Apply IBM Security Identity Manager Virtual Appliance version 7.0 fixpack 7.0.0-ISS-SIM-FP0002
IBM Security Identity Manager 6.0| Follow instructions as provided by WebSphere Security Bulletin
IBM Tivoli Identity Manager 5.1| Follow instructions as provided by WebSphere Security Bulletin
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security identity manager | eq | 6.0 | |
| ibm security identity manager | eq | 5.1 | |
| ibm security identity manager | eq | 7.0 |
Related
0.008 Low
EPSS
Percentile
82.2%