ibm IBM3DCB65329F12A675A409FF5460E4F2055ABEC5C568C06CEF5C7FCFF22450E2AD
History: Nov 28, 2018 - 11:35 a.m.

Security Bulletin: Potential vulnerability in WebSphere Application Server shipped with Jazz for Service Management (CVE-2015-0899)

2018-11-28 11:35:01
www.ibm.com

EPSS: 0.949
Percentile: 99.3%

Summary

There is a potential vulnerability in WebSphere Application Server.

Vulnerability Details

CVEID: CVE-2015-0899
DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system. This vulnerability also affects other products.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101770 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

Jazz for Service Management version 1.1.0 - 1.1.3

Remediation/Fixes

Principal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin
---|---|---
Jazz for Service Management version 1.1.0 - 1.1.3 | WebSphere Application Server Full Profile 8.5.5 | Security Bulletin: Potential vulnerability in WebSphere Application Server (CVE-2015-0899)

Workarounds and Mitigations

Please refer to WAS iFix

CPE Name | Operator | Version
---|---|---
jazz for service management | eq | any
