Lucene search

[email protected]CVE-2015-7818

HistoryNov 12, 2015 - 3:59 a.m.

CVE-2015-7818

2015-11-1203:59:06

CWE-264

[email protected]

web.nvd.nist.gov

ibm

snsc

lenovo

switch center

web service

local users

execute

arbitrary code

jsp

apache axis adminservice

privilege escalation

cve-2015-7818

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.4%

JSON

The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.

Affected configurations

NVD

Node

ibmsystem_networking_switch_centerRange≤7.3.1.4

Node

lenovoswitch_centerRange≤8.1.1.0

CPENameOperatorVersion
ibm:system_networking_switch_centeribm system networking switch centerle7.3.1.4

CPE	Name	Operator	Version
ibm:system_networking_switch_center	ibm system networking switch center	le	7.3.1.4

References

www.zerodayinitiative.com/advisories/ZDI-15-551/

support.lenovo.com/us/en/product_security/len_2015_074

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.4%

JSON

Related for CVE-2015-7818

cvelist1 zdi1 prion1 nvd1 lenovo2 ibm1