Lucene search

K
ibmIBM10307B3EE55A7A9570E5032DE6E31F27811A99F9555CB48E0F5A00E5A00993EC
HistoryJun 16, 2018 - 9:25 p.m.

Security Bulletin: Vulnerability affects WebSphere Application Server shipped with IBM Security Identity Manager (CVE-2015-1920)

2018-06-1621:25:18
www.ibm.com
4

0.008 Low

EPSS

Percentile

82.2%

Summary

WebSphere Application Server shipped as a component of IBM Security Identity Manager could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions.

Vulnerability Details

CVEID: CVE-2015-1920 **
DESCRIPTION:** WebSphere Application Server could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions.

CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102404 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Affected Products and Versions

Principal Product and Version(s)

| Affected Supporting Product and Version
β€”|β€”
IBM Security Identity Manager version 7.0| N/A. Apply ISIM fix pack.
IBM Security Identity Manager version 6.0| WebSphere Application Server version 7.0
IBM Tivoli Identity Manager version 5.1| WebSphere Application Server versions 6.1 and 7.0

Remediation/Fixes

Product and Version

| Fixes
β€”|β€”
IBM Security Identity Manager 7.0| Apply IBM Security Identity Manager Virtual Appliance version 7.0 fixpack 7.0.0-ISS-SIM-FP0002
IBM Security Identity Manager 6.0| Follow instructions as provided by WebSphere Security Bulletin
IBM Tivoli Identity Manager 5.1| Follow instructions as provided by WebSphere Security Bulletin

0.008 Low

EPSS

Percentile

82.2%

Related for 10307B3EE55A7A9570E5032DE6E31F27811A99F9555CB48E0F5A00E5A00993EC