CVE-2015-1893

The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
ibmwebsphere_datapower_xc10_appliance_firmware
2.1.0.0
ibmwebsphere_datapower_xc10_appliance_firmware
2.1.0.1
ibmwebsphere_datapower_xc10_appliance_firmware
2.1.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07841
http://www-01.ibm.com/support/docview.wss?uid=swg21701337
http://www.securityfocus.com/bid/73916
http://www.securitytracker.com/id/1032025
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07841
http://www-01.ibm.com/support/docview.wss?uid=swg21701337
http://www.securityfocus.com/bid/73916
http://www.securitytracker.com/id/1032025