Lucene search
HistoryNov 08, 2015 - 10:59 p.m.
CVE-2015-4963
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.003
Percentile
71.2%
IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors.
Affected configurations
Node
ibmsecurity_access_manager_for_webMatch7.0
ORibmsecurity_access_manager_for_webMatch7.0.0.1
ORibmsecurity_access_manager_for_webMatch7.0.0.2
ORibmsecurity_access_manager_for_webMatch7.0.0.3
ORibmsecurity_access_manager_for_webMatch7.0.0.4
ORibmsecurity_access_manager_for_webMatch7.0.0.5
ORibmsecurity_access_manager_for_webMatch7.0.0.6
ORibmsecurity_access_manager_for_webMatch7.0.0.7
ORibmsecurity_access_manager_for_webMatch7.0.0.8
ORibmsecurity_access_manager_for_webMatch7.0.0.9
ORibmsecurity_access_manager_for_webMatch7.0.0.10
ORibmsecurity_access_manager_for_webMatch7.0.0.11
ORibmsecurity_access_manager_for_webMatch7.0.0.12
ORibmsecurity_access_manager_for_webMatch7.0.0.13
ORibmsecurity_access_manager_for_webMatch7.0.0.14
ORibmsecurity_access_manager_for_webMatch7.0.0.15
ORibmsecurity_access_manager_for_webMatch8.0
ORibmsecurity_access_manager_for_webMatch8.0.0.2
ORibmsecurity_access_manager_for_webMatch8.0.0.3
ORibmsecurity_access_manager_for_webMatch8.0.0.4
ORibmsecurity_access_manager_for_webMatch8.0.0.5
ORibmsecurity_access_manager_for_webMatch8.0.0.22
ORibmsecurity_access_manager_for_webMatch8.0.0.31
ORibmsecurity_access_manager_for_webMatch8.0.1.0
ORibmsecurity_access_manager_for_webMatch8.0.1.1
ORibmsecurity_access_manager_for_webMatch8.0.1.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | security_access_manager_for_web | 7.0 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 7.0.0.1 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.1:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 7.0.0.2 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.2:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 7.0.0.3 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.3:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 7.0.0.4 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.4:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 7.0.0.5 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.5:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 7.0.0.6 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.6:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 7.0.0.7 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.7:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 7.0.0.8 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.8:*:*:*:*:*:*:* |
| ibm | security_access_manager_for_web | 7.0.0.9 | cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.9:*:*:*:*:*:*:* |
Related
ibm
ibm
prion
prion
Design/Logic Flaw
2015-11-08 22:59:00
cvelist
cvelist
CVE-2015-4963
2015-11-08 22:00:00
cve
cve
CVE-2015-4963
2015-11-08 22:59:12
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.003
Percentile
71.2%
Related for NVD:CVE-2015-4963