Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM System Networking Switch Center (SNSC)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM System Networking Switch Center SNSC. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. Vulnerability Details VEID: CVE-2018-2579 DESCRIPTION: An...

snsc.or.kr Cross Site Scripting vulnerability OBB-1356544

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

snsc.or.kr Cross Site Scripting vulnerability OBB-1352499

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

CVE-2015-7818

The administration-panel web service in IBM System Networking Switch Center SNSC before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file...

CVE-2015-7817

Race condition in the administration-panel web service in IBM System Networking Switch Center SNSC before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal...

Code injection

The administration-panel web service in IBM System Networking Switch Center SNSC before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file...

CVE-2015-7818

CVE-2015-7818 affects IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0. The issue enables a local attacker to upload and execute a JSP file under SYSTEM privileges by exploiting the Apache Axis AdminService deployment method. Affected version detai...

CVE-2015-7820

CVE-2015-7820 is a race-condition vulnerability in IBM System Networking Switch Center (SNSC) and Lenovo Switch Center that, on affected releases, can let a remote attacker obtain privileged-account access and then abuse ZipDownload.jsp to read arbitrary files. The issue affects SNSC prior to 7.3...

CVE-2015-7819

IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 are affected by CVE-2015-7819. The vulnerability affects the SNSC/Password DB service that listens on port 40999 and allows remote attackers to obtain sensitive administrator credentials, demonstrate...

IBM System Networking Switch Center Local Privilege Escalation Vulnerability

This vulnerability allows local unprivileged attackers to execute arbitrary code on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IBM SNSC Web Service, which listens by default on...

IBM System Networking Switch Center FileReader.jsp Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose information on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaws exist within the IBM SNSC Web Service, which listens by default on ports 40080 HT...

IBM System Networking Switch Center ZipDownload.jsp Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose information on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaws exist within the IBM SNSC Web Service, which listens by default on ports 40080 HT...