CVE-2015-7418

CWE-200 — Information Exposure3 documents3 sources

Severity

4.4MEDIUM

EPSS

0.1%

top 81.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Websphere Datapower Xc10 Appliance IBM Websphere Extreme Scale

Timeline

PublishedFeb 8

Latest updateMay 17

Description

IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm_corporation/websphere_datapower_xc10_appliance11 versions+10

▶NVDibm/websphere_extreme_scale4 versions+3

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-hj6p-66qf-57fg: IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten whic↗2022-05-17

▶

CVEList

CVE-2015-7418: IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten whic↗2017-02-08

▶