CVE-2015-7818

EUVD-2015-7716
The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
ibmsystem_networking_switch_center
𝑥
≤ 7.3.1.4
lenovoswitch_center
𝑥
≤ 8.1.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.zerodayinitiative.com/advisories/ZDI-15-551/
https://support.lenovo.com/us/en/product_security/len_2015_074
http://www.zerodayinitiative.com/advisories/ZDI-15-551/
https://support.lenovo.com/us/en/product_security/len_2015_074