CVE-2015-2027
low
CVSS v3: —
CVSS v2: 2.1
VIR risk: 2.1
Description
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21966044
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1PI44105
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1PI44098
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | websphere_extreme_scale | 7.1.0 | |
| ibm | websphere_extreme_scale | 7.1.0.2 | |
| ibm | websphere_extreme_scale | 7.1.1 | |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI44098
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI44105
- http://www-01.ibm.com/support/docview.wss?uid=swg21966044
CWEs
CWE-264