CVE-2015-1946

EUVD-2015-2051
IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_application_server
7.0
ibmwebsphere_application_server
8.0.0.0
ibmwebsphere_application_server
8.5.0.0
ibmwebsphere_application_server
8.5.0.1
ibmwebsphere_application_server
8.5.0.2
ibmwebsphere_application_server
8.5.5.0
ibmwebsphere_application_server
8.5.5.1
ibmwebsphere_application_server
8.5.5.2
ibmwebsphere_application_server
8.5.5.3
ibmwebsphere_application_server
8.5.5.4
ibmwebsphere_application_server
8.5.5.5
ibmwebsphere_virtual_enterprise
7.0
ibmwebsphere_virtual_enterprise
7.0.0.1
ibmwebsphere_virtual_enterprise
7.0.0.2
ibmwebsphere_virtual_enterprise
7.0.0.3
ibmwebsphere_virtual_enterprise
7.0.0.4
ibmwebsphere_virtual_enterprise
7.0.0.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180
http://www-01.ibm.com/support/docview.wss?uid=swg21959083
http://www.securityfocus.com/bid/75496
http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180
http://www-01.ibm.com/support/docview.wss?uid=swg21959083
http://www.securityfocus.com/bid/75496