CVE-2015-2018

CWE-200 — Information Exposure CWE-502 — Deserialization of Untrusted Data27 documents15 sources

Severity

3.5LOW

EPSS

0.1%

top 65.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Integration BUS IBM Websphere Message Broker

Timeline

PublishedAug 23

Latest updateMay 17

Description

IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

▶NVDibm/websphere_message_broker15 versions+14

▶NVDibm/integration_bus10.0, 9.0+1

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-pc29-jph7-fgwg: IBM Integration Bus 9 and 10 before 10↗2022-05-17

▶

GHSA

Apache NiFi JMS Deserialization issue↗2022-05-14

▶

OSV

drupal7 vulnerabilities↗2021-03-15

▶

CVEList

CVE-2015-2018: IBM Integration Bus 9 and 10 before 10↗2015-08-23

▶

💥Exploits & PoCs

Exploit-DB

Siemens SIMATIC S7-300 CPU - Remote Denial of Service↗2018-05-30

▶

Exploit-DB

Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery↗2018-05-21

▶

💬Community

Bugzilla

CVE-2018-3214 OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361)↗2018-10-15

▶

Bugzilla

CVE-2018-18065 net-snmp: NULL pointer exception in _set_key in agent/helpers/table_container.c resulting in a denial of service↗2018-10-09

▶

Bugzilla

CVE-2018-14567 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression↗2018-08-22

▶

Bugzilla

CVE-2018-10908 vdsm: calls to qemu-img are not protected by prlimit/ulimit↗2018-07-20

▶