CVE-2015-1946 — IBM Websphere Application Server vulnerability

CWE-2643 documents3 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 81.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server IBM Websphere Virtual Enterprise

Timeline

PublishedJul 14

Latest updateMay 17

Description

IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages2 packages

▶NVDibm/websphere_application_server11 versions+10

▶NVDibm/websphere_virtual_enterprise6 versions+5

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-mrjc-wrm5-v28v: IBM WebSphere Application Server (WAS) 8↗2022-05-17

▶

CVEList

CVE-2015-1946: IBM WebSphere Application Server (WAS) 8↗2015-07-14

▶