Metric | Value |
---|---|
CVSS2 | 6.8 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS | 0.009 Low |
EPSS Percentile | 82.7% |

IBM WebSphere Application Server is shipped as a component of Tivoli Netcool/Impact. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.
Please consult the security bulletin PI31622: Potential Security Vulnerability with serveServlets CVE-2015-1927 for vulnerability details and information about fixes.
CVEID: CVE-2015-1927
DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to gain elevated privileges on the system, caused by an application not having the correct serveServletsbyClassname setting. If a developer has not set the property correctly, an attacker could exploit this vulnerability to gain unauthorized access.
CVSS Base Score: 6.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102872> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
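
A defender's check for the per-application setting named in the description, as an added example that is not part of IBM's bulletin. The element and attribute names are those of WebSphere's `ibm-web-ext.xml` and `ibm-web-ext.xmi` descriptor formats and do not appear on this page; the sample descriptors and paths are constructed.

```python
import xml.etree.ElementTree as ET

# Assumption: names taken from WebSphere's web extension descriptor formats,
# not from this bulletin. ibm-web-ext.xml uses an element with a "value"
# attribute; the older ibm-web-ext.xmi uses an attribute on the root element.
XML_ELEMENT = "enable-serving-servlets-by-class-name"
XMI_ATTRIBUTE = "serveServletsByClassnameEnabled"

# Constructed descriptors keyed by a constructed path (no real application).
SAMPLES = {
    "appA/WEB-INF/ibm-web-ext.xmi":
        '<webappext:WebAppExtension xmlns:webappext="webappext.xmi" '
        'serveServletsByClassnameEnabled="true"/>',
    "appB/WEB-INF/ibm-web-ext.xml":
        '<web-ext xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.0">'
        '<enable-serving-servlets-by-class-name value="false"/></web-ext>',
    "appC/WEB-INF/ibm-web-ext.xml":
        '<web-ext xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.0"/>',
}


def _local(tag):
    """Strip an XML namespace such as '{uri}name' down to 'name'."""
    return tag.rsplit("}", 1)[-1]


def classify(descriptor_text):
    """Return 'enabled', 'disabled' or 'unset' for one descriptor.

    'unset' means the application inherits the server-level default, so it
    needs review together with the server's fix level.
    """
    root = ET.fromstring(descriptor_text)
    value = root.attrib.get(XMI_ATTRIBUTE)        # .xmi form
    if value is None:
        for node in root.iter():                  # .xml form
            if _local(node.tag) == XML_ELEMENT:
                value = node.attrib.get("value")
                break
    if value is None:
        return "unset"
    return "enabled" if value.strip().lower() == "true" else "disabled"


def audit(descriptors):
    """Map each descriptor path to its classification."""
    return {path: classify(text) for path, text in descriptors.items()}


if __name__ == "__main__":
    for path, state in audit(SAMPLES).items():
        print(f"{state:8} {path}")
```

Applications reported as `enabled` or `unset` are the ones to review alongside the fix levels in the remediation table.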

Principal Product and Version(s) | Affected Supporting Product and Version |
---|---|
Tivoli Netcool/Impact 6.1.x | WebSphere 7.0 |
Tivoli Netcool/Impact 7.1.0 | WebSphere Liberty Profile 8.5.5 |

VRMF | WebSphere release level | Remediation |
---|---|---|
7.1.0 | 8.5.5 | Apply 7.1.0-TIV-NCI-FP0003 for WebSphere Liberty Profile upgrade to 8.5.5.6. See WebSphere Application Server Security Bulletin for more details: <http://www-01.ibm.com/support/docview.wss?uid=swg21959083> |
6.1.1 | 7.0 | Apply Fix Pack 39 (7.0.0.39), or later (targeted to be available 26 October 2015). -- OR See WebSphere Application Server Security Bulletin for more details: <http://www-01.ibm.com/support/docview.wss?uid=swg21959083> |
6.1 | 7.0 | Apply Fix Pack 39 (7.0.0.39), or later (targeted to be available 26 October 2015). -- OR See WebSphere Application Server Security Bulletin for more details: <http://www-01.ibm.com/support/docview.wss?uid=swg21959083> |

None

CPE

Name | Operator | Version |
---|---|---|
tivoli netcool/impact | eq | 6.1 |
tivoli netcool/impact | eq | 6.1.1 |
tivoli netcool/impact | eq | 7.1.0 |