CVE-2015-1885

Sažetak

WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote attackers to gain privileges via unspecified vectors.

Reference

http://www.securityfocus.com/bid/74219
http://www.securitytracker.com/id/1032190
http://www-01.ibm.com/support/docview.wss?uid=swg1PI33202
http://www-01.ibm.com/support/docview.wss?uid=swg1PI36211
http://www-01.ibm.com/support/docview.wss?uid=swg21697368
http://www-01.ibm.com/support/docview.wss?uid=swg21963275

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

22-12-2016 - 02:59

Objavljeno

27-04-2015 - 12:59