CVE-2015-7818

The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
VendorProductVersion
ibmsystem_networking_switch_center
𝑥
≤ 7.3.1.4
lenovoswitch_center
𝑥
≤ 8.1.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.zerodayinitiative.com/advisories/ZDI-15-551/
https://support.lenovo.com/us/en/product_security/len_2015_074
http://www.zerodayinitiative.com/advisories/ZDI-15-551/
https://support.lenovo.com/us/en/product_security/len_2015_074