2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2015-1946" ,
"sourceIdentifier" : "psirt@us.ibm.com" ,
"published" : "2015-07-14T17:59:02.323" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T02:26:27.187" ,
2023-04-24 12:24:31 +02:00
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors."
} ,
{
"lang" : "es" ,
"value" : "WebSphere Application Server (WAS) 8.5 anteriores a 8.5.5.6 y WebSphere Virtual Enterprise 7.0 anteriores a 7.0.0.6 para WebSphere Application Server (WAS) 7.0 y 8.0, no tienen los roles de usuarios correctamente implementados lo que permite a un usuario local obtener privilegios a trav\u00e9s de vectores no especificados."
}
] ,
"metrics" : {
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 4.4 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "LOCAL" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "PARTIAL" ,
"integrityImpact" : "PARTIAL" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "PARTIAL"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 3.4 ,
"impactScore" : 6.4 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-264"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B0905C80-A1BA-49CD-90CA-9270ECC3940C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AF1667C5-D19B-469C-82D5-8406B6D75EDE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1FD8F9CE-4E98-4187-B84A-429FA1C65E2D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FC1D7570-4AB4-44B0-B5ED-D103F0946F63"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9E709E36-B5D0-42E5-A305-AF385FD7F347"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "49506702-1B31-4421-8DEE-5B789272EC6E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "158777FD-83D1-44B9-83B4-A3F490CA76F4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "EDA2FE6B-6E42-4E97-B803-DAB671D30FF5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "72F5A562-5B2E-4BC7-8A81-EFE5ED265803"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "168E2F18-56C6-4789-BBAC-C99D4792046F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B53EBD40-8E1A-4516-927D-ED1CF212B211"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FC95AD4F-9A31-46EB-9B69-D2143AAACB40"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B812D190-1946-42DA-B40A-C9F2C623D2C8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "58A4313D-8666-4F9D-AFE4-22D51F9ABAF1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.3:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "395CFBE6-C129-4A30-8C61-4F02A1672ABF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.4:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A7B691E4-0062-4541-A826-E8DEAC71BC84"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.5:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "51F81483-22B2-4B3A-BB7F-6B2CEAFD3DC9"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180" ,
"source" : "psirt@us.ibm.com"
} ,
{
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959083" ,
"source" : "psirt@us.ibm.com" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
} ,
{
"url" : "http://www.securityfocus.com/bid/75496" ,
"source" : "psirt@us.ibm.com"
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21959083" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
} ,
{
"url" : "http://www.securityfocus.com/bid/75496" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
2023-04-24 12:24:31 +02:00
}
]
}
