CVE-2015-1885 — IBM Websphere Application Server vulnerability

CWE-2643 documents3 sources

Severity

9.3CRITICALNVD

EPSS

2.5%

top 14.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedApr 27

Latest updateMay 17

Description

WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote attackers to gain privileges via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/websphere_application_server37 versions+36

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-g938-6gw8-84qv: WebSphereOauth20SP↗2022-05-17

▶

CVEList

CVE-2015-1885: WebSphereOauth20SP↗2015-04-26

▶