WebSphere Application Server and WebSphere Application Server Hypervisor Edition could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions .
CVEID: CVE-2015-1920**
DESCRIPTION:** WebSphere Application Server could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions.
CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102404> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This vulnerability affects Tivoli Netcool Service Quality Manager 4.1.4
IBM has provided patches for all affected versions.
The fix for the IBM WebSphere Application Server Version 6.1 can be downloaded from the IBM Fix Central site:
<http://www-01.ibm.com/support/docview.wss?uid=swg24039898>
The TNSQM system has to be stopped during upgrade.
None