Jun 16, 2018 - 1:10 p.m.

Security Bulletin: Multiple vulnerabilities in IBM InfoSphere Optim Workload Replay (CVE-2015-1894, CVE-2015-1895)

2018-06-16 13:10:26
www.ibm.com

EPSS: 0.001 (percentile: 49.8%)

Summary

Multiple vulnerabilities have been identified in IBM® InfoSphere® Optim™ Workload Replay, allowing an attacker to obtain information or gain access to data and operations that are restricted to authorized users.

Vulnerability Details

CVEID: CVE-2015-1894
DESCRIPTION: IBM Optim Workload Replay is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious web site, a remote attacker could send a malformed HTTP request. An attacker could exploit this vulnerability to perform cross-site scripting attacks, web cache poisoning, and other malicious activities.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101530> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVEID: CVE-2015-1895
DESCRIPTION: IBM Optim Workload Replay could allow a remote attacker to bypass security restrictions, caused by missing validation of user authorization. By bypassing client-side authorization checks, an attacker could exploit this vulnerability to bypass authorization checks and gain unauthorized access to various user actions.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101543> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM InfoSphere Optim Workload Replay versions 2.1, 2.1.0.1, and 2.1.0.2.


Remediation/Fixes

Install InfoSphere Workload Replay v2.1.0.3.

To download InfoSphere Workload Replay v2.1.0.3, see the download instructions.

Workarounds and Mitigations

None known
