CVE-2015-0175 — IBM Websphere Application Server vulnerability

CWE-2643 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 41.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedApr 27

Latest updateMay 17

Description

IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 8.0 | Impact: 4.9

Affected Packages1 packages

▶NVDibm/websphere_application_server8 versions+7

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-rgvg-78hp-qch3: IBM WebSphere Application Server (WAS) 8↗2022-05-17

▶

CVEList

CVE-2015-0175: IBM WebSphere Application Server (WAS) 8↗2015-04-26

▶