Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8940FB7E7C545913A0ABBBABC6E8D82CC5BC34296FED2536B4C21810CD26D433
HistoryAug 19, 2022 - 11:26 p.m.

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server that is shipped with IBM Intelligent Operations Center and related products (CVE-2015-7417)

2022-08-1923:26:06
www.ibm.com
12
ibm websphere
intelligent operations center
cross-site scripting

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

41.2%

JSON

Summary

IBM WebSphere Application Server is shipped as a component of IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been identified and published in a security bulletin.

Vulnerability Details

Consult the security bulletin Security Bulletin: Cross-site scripting vulnerability in IBM WebSphere Application Server (CVE-2015-7417) for vulnerability details and information about fixes.

Affected Products and Versions

Principal Product and Versions

| Affected Supporting Products and Versions
—|—
IBM Intelligent Operations Center V1.5, V1.6| IBM Intelligent Operations Center for Emergency Management V1.6
IBM Intelligent Operations for Water V1.0, V1.5, V1.6
IBM Intelligent Operations for Transportation V1.0, V1.5, V1.6
IBM Intelligent City Planning and Operations V1.5, V1.6
IBM Intelligent Operations Center V5.1| IBM Intelligent Operations Center for Emergency Management V5.1

Remediation/Fixes

Download the correct version of the fix from the following link: Security Bulletin: Cross-site scripting vulnerability in IBM WebSphere Application Server (CVE-2015-7417). Installation instructions for the fix are included in the readme document that is in the fix package.

Affected configurations

Vulners
Node
ibmintelligent_operations_centerMatch1.0
OR
ibmintelligent_operations_centerMatch1.5
OR
ibmintelligent_operations_centerMatch1.5.0.1
OR
ibmintelligent_operations_centerMatch1.5.0.2
OR
ibmintelligent_operations_centerMatch1.6
OR
ibmintelligent_operations_centerMatch1.6.0.1
OR
ibmintelligent_operations_centerMatch1.6.0.2
OR
ibmintelligent_operations_centerMatch1.6.0.3
OR
ibmintelligent_operations_centerMatch5.1
OR
ibmintelligent_operations_centerMatch5.1.0.1
OR
ibmintelligent_operations_centerMatch5.1.0.2
OR
ibmintelligent_operations_centerMatch5.1.0.3
OR
ibmintelligent_operations_center_for_emergency_managementMatch1.6
OR
ibmintelligent_operations_center_for_emergency_managementMatch5.1
OR
ibmintelligent_operations_center_for_emergency_managementMatch5.1.0.2
OR
ibmintelligent_operations_center_for_emergency_managementMatch5.1.0.3
OR
ibmmaximo_for_transportationMatch1.6.1
OR
ibmmaximo_for_transportationMatch1.6
OR
ibmmaximo_for_transportationMatch1.5.0
OR
ibmmaximo_for_transportationMatch1.0.1.3
OR
ibmmaximo_for_transportationMatch1.0.1.2
OR
ibmmaximo_for_transportationMatch1.0.1.1
OR
ibmmaximo_for_transportationMatch1.0.1
OR
ibmmaximo_for_transportationMatch1.0.0
OR
ibmwater_operations_for_waternamicsMatch1.6.1.1
OR
ibmwater_operations_for_waternamicsMatch1.6.1
OR
ibmwater_operations_for_waternamicsMatch1.6.0
OR
ibmwater_operations_for_waternamicsMatch1.5.1
OR
ibmwater_operations_for_waternamicsMatch1.5.0.2
OR
ibmwater_operations_for_waternamicsMatch1.5.0.1
OR
ibmwater_operations_for_waternamicsMatch1.5.0
OR
ibmwater_operations_for_waternamicsMatch1.0.0
OR
ibmwater_operations_for_waternamicsMatch1.6.1.2
VendorProductVersionCPE
ibmintelligent_operations_center1.0cpe:2.3:a:ibm:intelligent_operations_center:1.0:*:*:*:*:*:*:*
ibmintelligent_operations_center1.5cpe:2.3:a:ibm:intelligent_operations_center:1.5:*:*:*:*:*:*:*
ibmintelligent_operations_center1.5.0.1cpe:2.3:a:ibm:intelligent_operations_center:1.5.0.1:*:*:*:*:*:*:*
ibmintelligent_operations_center1.5.0.2cpe:2.3:a:ibm:intelligent_operations_center:1.5.0.2:*:*:*:*:*:*:*
ibmintelligent_operations_center1.6cpe:2.3:a:ibm:intelligent_operations_center:1.6:*:*:*:*:*:*:*
ibmintelligent_operations_center1.6.0.1cpe:2.3:a:ibm:intelligent_operations_center:1.6.0.1:*:*:*:*:*:*:*
ibmintelligent_operations_center1.6.0.2cpe:2.3:a:ibm:intelligent_operations_center:1.6.0.2:*:*:*:*:*:*:*
ibmintelligent_operations_center1.6.0.3cpe:2.3:a:ibm:intelligent_operations_center:1.6.0.3:*:*:*:*:*:*:*
ibmintelligent_operations_center5.1cpe:2.3:a:ibm:intelligent_operations_center:5.1:*:*:*:*:*:*:*
ibmintelligent_operations_center5.1.0.1cpe:2.3:a:ibm:intelligent_operations_center:5.1.0.1:*:*:*:*:*:*:*
Rows per page:
1-10 of 331

Related

openvas 1
ibm 25
cve 1
nessus 3
prion 1
nvd 1
cvelist 1
openvas
openvas
IBM Websphere Application Server Cross Site Scripting Vulnerability-01 (Feb 2016)
2016-02-16 00:00:00
ibm
ibm
Security Bulletin: A cross-site scripting vulnerability in IBM WebSphere Application Server affects IBM Security Access Manager Version 9 (CVE-2015-7417)
2018-06-16 21:44:32
Security Bulletin: Cross-site scripting vulnerability in IBM WebSphere Application Server (CVE-2015-7417)
2018-06-15 07:04:32
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2015-7417)
2018-06-15 07:04:59
cve
cve
CVE-2015-7417
2016-01-23 05:59:01
nessus
nessus
IBM WebSphere Application Server 7.0 < 7.0.0.41 / 8.0 < 8.0.0.12 / 8.5 < 8.5.5.9 OAuth Provider XSS
2016-04-04 00:00:00
IBM WebSphere Application Server 8.5 < 8.5.5.9 Multiple Vulnerabilities
2016-10-26 00:00:00
IBM WebSphere Application Server 7.0 < 7.0.0.41 Multiple Vulnerabilities
2016-10-26 00:00:00
prion
prion
Cross site scripting
2016-01-23 05:59:00
nvd
nvd
CVE-2015-7417
2016-01-23 05:59:01
cvelist
cvelist
CVE-2015-7417
2016-01-23 02:00:00

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

41.2%

JSON
Related for 8940FB7E7C545913A0ABBBABC6E8D82CC5BC34296FED2536B4C21810CD26D433
openvas1ibm25cve1nessus3prion1nvd1cvelist1