CVE-2015-1882

Sažetak

Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user.

Reference

http://www.securityfocus.com/bid/74222
http://www.securitytracker.com/id/1032190
http://www-01.ibm.com/support/docview.wss?uid=swg1PI33357
http://www-01.ibm.com/support/docview.wss?uid=swg21697368

CVSS

Base:	8.5
Impact:	10.0
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

04-08-2016 - 03:18

Objavljeno

27-04-2015 - 12:59