CVE-2015-2018

EUVD-2015-2131
IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
ibmintegration_bus
9.0
ibmintegration_bus
10.0
ibmwebsphere_message_broker
7.0.
ibmwebsphere_message_broker
7.0.0.1
ibmwebsphere_message_broker
7.0.0.2
ibmwebsphere_message_broker
7.0.0.3
ibmwebsphere_message_broker
7.0.0.4
ibmwebsphere_message_broker
7.0.0.5
ibmwebsphere_message_broker
7.0.0.6
ibmwebsphere_message_broker
7.0.0.7
ibmwebsphere_message_broker
8.0
ibmwebsphere_message_broker
8.0.0.1
ibmwebsphere_message_broker
8.0.0.2
ibmwebsphere_message_broker
8.0.0.3
ibmwebsphere_message_broker
8.0.0.4
ibmwebsphere_message_broker
8.0.0.5
ibmwebsphere_message_broker
8.0.0.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07773
http://www-01.ibm.com/support/docview.wss?uid=swg21961734
http://www-01.ibm.com/support/docview.wss?uid=swg1IT07773
http://www-01.ibm.com/support/docview.wss?uid=swg21961734