Lucene search
IbmCVE-2015-4963HistoryNov 08, 2015 - 10:59 p.m.
CVE-2015-4963
2015-11-0822:59:12
CWE-17
ibm
web.nvd.nist.gov
25
ibm
security access manager
web
7.x
8.x
webseal
httptransformation
cve-2015-4963
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.8
Confidence
Low
EPSS
0.003
Percentile
71.2%
IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors.
Affected configurations
Node
ibmsecurity_access_manager_for_webMatch7.0
ORibmsecurity_access_manager_for_webMatch7.0.0.1
ORibmsecurity_access_manager_for_webMatch7.0.0.2
ORibmsecurity_access_manager_for_webMatch7.0.0.3
ORibmsecurity_access_manager_for_webMatch7.0.0.4
ORibmsecurity_access_manager_for_webMatch7.0.0.5
ORibmsecurity_access_manager_for_webMatch7.0.0.6
ORibmsecurity_access_manager_for_webMatch7.0.0.7
ORibmsecurity_access_manager_for_webMatch7.0.0.8
ORibmsecurity_access_manager_for_webMatch7.0.0.9
ORibmsecurity_access_manager_for_webMatch7.0.0.10
ORibmsecurity_access_manager_for_webMatch7.0.0.11
ORibmsecurity_access_manager_for_webMatch7.0.0.12
ORibmsecurity_access_manager_for_webMatch7.0.0.13
ORibmsecurity_access_manager_for_webMatch7.0.0.14
ORibmsecurity_access_manager_for_webMatch7.0.0.15
ORibmsecurity_access_manager_for_webMatch8.0
ORibmsecurity_access_manager_for_webMatch8.0.0.2
ORibmsecurity_access_manager_for_webMatch8.0.0.3
ORibmsecurity_access_manager_for_webMatch8.0.0.4
ORibmsecurity_access_manager_for_webMatch8.0.0.5
ORibmsecurity_access_manager_for_webMatch8.0.0.22
ORibmsecurity_access_manager_for_webMatch8.0.0.31
ORibmsecurity_access_manager_for_webMatch8.0.1.0
ORibmsecurity_access_manager_for_webMatch8.0.1.1
ORibmsecurity_access_manager_for_webMatch8.0.1.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | security_access_manager_for_web | 7.0 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 7.0.0.1 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.1:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 7.0.0.2 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.2:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 7.0.0.3 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.3:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 7.0.0.4 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.4:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 7.0.0.5 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.5:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 7.0.0.6 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.6:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 7.0.0.7 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.7:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 7.0.0.8 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.8:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 7.0.0.9 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.9:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2015-11-08 22:59:00
ibm
ibm
cvelist
cvelist
CVE-2015-4963
2015-11-08 22:00:00
nvd
nvd
CVE-2015-4963
2015-11-08 22:59:12
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.8
Confidence
Low
EPSS
0.003
Percentile
71.2%
Related for CVE-2015-4963