Jun 17, 2018 - 3:07 p.m.

Security Bulletin: A security vulnerability has been identified in IBM Operations Analytics - Predictive Insights (CVE-2015-1885, CVE-2015-1927, CVE-2015-1946)

2018-06-17 15:07:36
www.ibm.com

CVSS2: 9.3 High

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

Summary

IBM WebSphere Application Server Liberty Core 8.5.5.1 is shipped as a component of IBM Operations Analytics - Predictive Insights. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty Core 8.5.5.1 has been published in a security bulletin.

Vulnerability Details

Please consult the security bulletin "Multiple Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.6" for vulnerability details and information about fixes.

CVEID: CVE-2015-1885 (APAR PI33202 and PI36211)
DESCRIPTION: WebSphere Application Server Full Profile and Liberty Profile could allow a remote attacker to gain elevated privileges on the system when OAuth grant type of password is used.
CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101255> for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-1927
DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to gain elevated privileges on the system, caused by an application not having the correct serveServletsbyClassname setting. If a developer does not set the correct property, an attacker could exploit this vulnerability to gain unauthorized access.
CVSS Base Score: 6.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102872> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-1946
DESCRIPTION: IBM WebSphere Application Server 8.5 and IBM WebSphere Virtual Enterprise 7.0 could allow a local attacker to gain elevated privileges on the system, caused by the user roles not being handled properly.
CVSS Base Score: 4.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103201> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:S/C:P/I:P/A:P)

Affected Products and Versions

Principal Product and Version(s) | Affected Supporting Product and Version
---|---
IBM Operations Analytics - Predictive Insights 1.3, 1.3.1, 1.3.2 | IBM WebSphere Application Server Liberty Core 8.5.5.1
