9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
IBM WebSphere Application Server Liberty Core 8.5.5.1 is shipped as a component of IBM Operations Analytics - Predictive Insights. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty Core 8.5.5.1 has been published in a security bulletin.
Please consult the security bulletin Multiple Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.6 for vulnerability details and information about fixes.
CVE ID:CVE-2015-1885 (APAR PI33202 and PI36211)
DESCRIPTION: WebSphere Application Server Full Profile and Liberty Profile could allow a remote attacker to gain elevated privileges on the system when OAuth grant type of password is used.
CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101255> for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVEID: CVE-2015-1927 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to gain elevated privileges on the system, caused by an application not having the correct serveServletsbyClassname setting. By a developer not setting the correct property, an attacker could exploit this vulnerability to gain unauthorized access.
CVSS Base Score: 6.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102872> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2015-1946 DESCRIPTION: IBM WebSphere Application Server 8.5 and IBM WebSphere Virtual Enterprise 7.0 could allow a local attacker to gain elevated privileges on the system cause by the user roles not being handled properly.
CVSS Base Score: 4.1
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/103201>_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:S/C:P/I:P/A:P)
Principal Product and Version(s)
| Affected Supporting Product and Version
—|—
IBM Operations Analytics - Predictive Insights 1.3, 1.3.1, 1.3.2| IBM WebSphere Application Server Liberty Core 8.5.5.1
CPE | Name | Operator | Version |
---|---|---|---|
ibm operations analytics - predictive insights | eq | any |