WebSphere Application Server shipped as a component of IBM Security Identity Manager could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions.
CVEID: CVE-2015-1920
**DESCRIPTION:** WebSphere Application Server could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions.
CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102404 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Principal Product and Version(s) | Affected Supporting Product and Version
---|---
IBM Security Identity Manager version 7.0 | N/A. Apply ISIM fix pack.
IBM Security Identity Manager version 6.0 | WebSphere Application Server version 7.0
IBM Tivoli Identity Manager version 5.1 | WebSphere Application Server versions 6.1 and 7.0

Product and Version | Fixes
---|---
IBM Security Identity Manager 7.0 | Apply IBM Security Identity Manager Virtual Appliance version 7.0 fixpack 7.0.0-ISS-SIM-FP0002
IBM Security Identity Manager 6.0 | Follow instructions as provided by WebSphere Security Bulletin
IBM Tivoli Identity Manager 5.1 | Follow instructions as provided by WebSphere Security Bulletin

CPE

Name | Operator | Version
---|---|---
ibm security identity manager | eq | 6.0
ibm security identity manager | eq | 5.1
ibm security identity manager | eq | 7.0