Lucene search

PRIOn knowledge basePRION:CVE-2015-1882

HistoryApr 27, 2015 - 12:59 p.m.

Race condition

2015-04-2712:59:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

79.6%

JSON

Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user.

CPENameOperatorVersion
websphere_application_servereq8.5.0.2
websphere_application_servereq8.5.5.1
websphere_application_servereq8.5.5.0
websphere_application_servereq8.5.5.4
websphere_application_servereq8.5.0.1
websphere_application_servereq8.5.0.0
websphere_application_servereq8.5.5.3
websphere_application_servereq8.5.5.2

Name	Operator	Version
websphere_application_server	eq	8.5.0.2
websphere_application_server	eq	8.5.5.1
websphere_application_server	eq	8.5.5.0
websphere_application_server	eq	8.5.5.4
websphere_application_server	eq	8.5.0.1
websphere_application_server	eq	8.5.0.0
websphere_application_server	eq	8.5.5.3
websphere_application_server	eq	8.5.5.2

References

www-01.ibm.com/support/docview.wss?uid=swg1PI33357

www-01.ibm.com/support/docview.wss?uid=swg21697368

www.securityfocus.com/bid/74222

www.securitytracker.com/id/1032190

7.5 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

79.6%

JSON

Related for PRION:CVE-2015-1882