CVE-2015-7490
Severity: low
CVSS v3: 3.1
CVSS v2: 3.5
VIR risk: 3.1
Description
IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a modified cookie.
Predictions
Exploit likelihood: 42%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21975827
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1JR54787
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | infosphere_information_server | 8.5 | |
| ibm | infosphere_information_server | 8.5.0.1 | |
| ibm | infosphere_information_server | 8.5.0.2 | |
| ibm | infosphere_information_server | 8.5.0.3 | |
| ibm | infosphere_information_server | 8.7 | |
| ibm | infosphere_information_server | 8.7.0.1 | |
| ibm | infosphere_information_server | 8.7.0.2 | |
| ibm | infosphere_information_server | 9.1 | |
| ibm | infosphere_information_server | 9.1.0.1 | |
| ibm | infosphere_information_server | 9.1.2 | |
| ibm | infosphere_information_server | 11.3 | |
| ibm | infosphere_information_server | 11.3.1 | |
| ibm | infosphere_information_server | 11.5 | |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR54787
- http://www-01.ibm.com/support/docview.wss?uid=swg21975827
- http://www.securitytracker.com/id/1035125
CWEs
CWE-284