CVE-2015-1927: Improper Access Control in IBM WebSphere Application Server

Severity
6.8 MEDIUM (NVD)
EPSS
0.6%
top 31.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 14
Latest update: May 17

Description

The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which allows remote attackers to obtain privileged access via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages: 1 package

Patches

🔴Vulnerability Details

2
GHSA
GHSA-59xx-v58q-6v8h: The default configuration of IBM WebSphere Application Server (WAS) 7 (2022-05-17)
CVEList
CVE-2015-1927: The default configuration of IBM WebSphere Application Server (WAS) 7 (2015-07-14)

💬Community

1
Bugzilla
CVE-2015-4871 OpenJDK: protected methods can be used as interface methods via DirectMethodHandle (Libraries) (2015-10-21)