Vulnerability Name: CVE-2015-1927 (CCN-102872)
Assigned: 2015-06-30
Published: 2015-06-30
Updated: 2016-12-22

Summary: The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which allows remote attackers to obtain privileged access via unspecified vectors.

CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
  Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
  Scope (S): Unchanged
  Impact Metrics: Confidentiality (C): Low; Integrity (I): Low; Availability (A): Low

CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
  Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None
  Impact Metrics: Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial

CCN CVSS v2 Severity: 6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
  Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None
  Impact Metrics: Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial
Vulnerability Type: CWE-284
Vulnerability Consequences: Gain Privileges

References:
- Source: MITRE; Type: CNA; CVE-2015-1927
- Source: AIXAPAR; Type: UNKNOWN; PI31622
- Source: CONFIRM; Type: Patch, Vendor Advisory; http://www-01.ibm.com/support/docview.wss?uid=swg21959083
- Source: CONFIRM; Type: UNKNOWN; http://www-01.ibm.com/support/docview.wss?uid=swg21963275
- Source: CCN; Type: IBM Security Bulletin N1021040; Vulnerabilities in Websphere Liberty Profile (WLP) affect Power Management Console (CVE-2015-2017, CVE-2015-1927, CVE-2015-4938)
- Source: CCN; Type: IBM Security Bulletin 1959083; Multiple Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.6
- Source: CCN; Type: IBM Security Bulletin 1963275; Multiple Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.11
- Source: CCN; Type: IBM Security Bulletin 1963467; A security vulnerability has been identified in Tivoli Integrated Portal and IBM WebSphere Liberty Server shipped with Tivoli FastBack for Workstations Central Administration Console (CVE-2015-1927)
- Source: CCN; Type: IBM Security Bulletin 1963894; Incorrect setting for serveServletsbyClassname can affect FTM for Check Services and FTM for Corporate Payment Services (CVE-2015-1927)
- Source: CCN; Type: IBM Security Bulletin 1963952; Incorrect setting for serveServletsbyClassname can affect FTM for ACH Services, FTM for Check Services, and FTM for Corporate Payment Services (CVE-2015-1927)
- Source: CCN; Type: IBM Security Bulletin 1964124; A security vulnerability has been identified in WebSphere Liberty Profile and WebSphere Application Server shipped with License Metric Tool, IBM Endpoint Manager for Software Use Analysis and IBM Tivoli Asset Discovery for Distributed
- Source: CCN; Type: IBM Security Bulletin 1967033; Multiple vulnerabilities in IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, and products shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise
- Source: CCN; Type: IBM Security Bulletin 1967251; IBM Maximo Asset Management contains a misconfiguration that could allow a remote attacker to gain elevated privileges on the system (CVE-2015-1927)
- Source: CCN; Type: IBM Security Bulletin 1970170; Security Vulnerability in IBM WebSphere Application Server affects IBM Content Collector (CVE-2015-1927)
- Source: CCN; Type: IBM Security Bulletin 1971307; IBM Tivoli Monitoring embedded WebSphere Application Server (CVE-2015-7450, CVE-2015-2017, CVE-2015-4938, CVE-2015-1932, CVE-2015-1927)
- Source: CCN; Type: IBM Security Bulletin 1973958; A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Storage Productivity Center (CVE-2015-1927)
- Source: BID; Type: UNKNOWN; 75486
- Source: CCN; Type: BID-75486; IBM WebSphere Application Server CVE-2015-1927 Remote Privilege Escalation Vulnerability
- Source: SECTRACK; Type: UNKNOWN; 1033383
- Source: XF; Type: UNKNOWN; ibm-websphere-cve20151927-priv-escalation(102872)

Vulnerable Configuration:

Configuration 1 (any one of):
  cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.14:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.15:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.16:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.17:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.18:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.19:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.21:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.22:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.23:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.24:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.25:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.27:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.29:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.31:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.32:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.33:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.34:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.36:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.37:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0.0.38:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.0.0.1:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.0.0.2:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.0.0.3:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.0.0.4:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.0.0.5:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.0.0.6:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.0.0.7:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.0.0.8:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.0.0.9:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.0.0.10:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.5.5.2:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.5.5.3:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.5.5.4:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.5.5.5:*:*:*:*:*:*:*

Configuration CCN 1: any one of the following WebSphere Application Server releases
  cpe:/a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
  cpe:/a:ibm:websphere_application_server:8.5.5:*:*:*:*:*:*:*
AND any one of the following products that embed or ship with it
  cpe:/a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*
  cpe:/a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*
  cpe:/a:ibm:content_collector:3.0.0.0:*:*:*:*:*:*:*
  cpe:/a:ibm:license_metric_tool:7.5:*:*:*:*:*:*:*
  cpe:/a:ibm:maximo_asset_management:7.1.1:*:*:*:*:*:*:*
  cpe:/a:ibm:cloud_orchestrator:2.3:*:*:*:*:*:*:*
  cpe:/a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*
  cpe:/a:ibm:cloud_orchestrator:2.4:*:*:*:*:*:*:*
  cpe:/a:ibm:financial_transaction_manager:2.1.1.8:*:*:*:*:check_services:*:*
  cpe:/a:ibm:license_metric_tool:9.0:*:*:*:*:*:*:*
  cpe:/a:ibm:license_metric_tool:9.0.1:*:*:*:*:*:*:*
  cpe:/a:ibm:license_metric_tool:9.1.0.1:*:*:*:*:*:*:*
  cpe:/a:ibm:financial_transaction_manager:3.0.0.0:*:*:*:*:*:*:*
  cpe:/a:ibm:financial_transaction_manager:3.0.0.1:*:*:*:*:*:*:*
  cpe:/a:ibm:financial_transaction_manager:3.0.0.2:*:*:*:*:*:*:*
  cpe:/a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*
  cpe:/a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*
  cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*
  cpe:/a:ibm:financial_transaction_manager:3.0.0.3:*:*:*:*:*:*:*
  cpe:/a:ibm:financial_transaction_manager:3.0.0.4:*:*:*:*:*:*:*
  cpe:/a:ibm:license_metric_tool:9.2.0:*:*:*:*:*:*:*
  cpe:/a:ibm:financial_transaction_manager:3.0.0.5:*:*:*:*:*:*:*
  cpe:/a:ibm:cloud_orchestrator:2.3.0.1:*:*:*:*:*:*:*
  cpe:/a:ibm:financial_transaction_manager:3.0.0.6:*:*:*:*:*:*:*
  cpe:/a:ibm:financial_transaction_manager:3.0.0.7:*:*:*:*:*:*:*
  cpe:/a:ibm:cloud_orchestrator:2.4.0.1:*:*:*:*:*:*:*
  cpe:/a:ibm:cloud_orchestrator:2.4.0.2:*:*:*:*:*:*:*

Affected components (each component listed below is vulnerable):
ibm websphere application server 7.0
ibm websphere application server 7.0.0.1
ibm websphere application server 7.0.0.2
ibm websphere application server 7.0.0.3
ibm websphere application server 7.0.0.4
ibm websphere application server 7.0.0.5
ibm websphere application server 7.0.0.6
ibm websphere application server 7.0.0.7
ibm websphere application server 7.0.0.8
ibm websphere application server 7.0.0.9
ibm websphere application server 7.0.0.10
ibm websphere application server 7.0.0.11
ibm websphere application server 7.0.0.12
ibm websphere application server 7.0.0.13
ibm websphere application server 7.0.0.14
ibm websphere application server 7.0.0.15
ibm websphere application server 7.0.0.16
ibm websphere application server 7.0.0.17
ibm websphere application server 7.0.0.18
ibm websphere application server 7.0.0.19
ibm websphere application server 7.0.0.21
ibm websphere application server 7.0.0.22
ibm websphere application server 7.0.0.23
ibm websphere application server 7.0.0.24
ibm websphere application server 7.0.0.25
ibm websphere application server 7.0.0.27
ibm websphere application server 7.0.0.29
ibm websphere application server 7.0.0.31
ibm websphere application server 7.0.0.32
ibm websphere application server 7.0.0.33
ibm websphere application server 7.0.0.34
ibm websphere application server 7.0.0.36
ibm websphere application server 7.0.0.37
ibm websphere application server 7.0.0.38
ibm websphere application server 8.0.0.0
ibm websphere application server 8.0.0.1
ibm websphere application server 8.0.0.2
ibm websphere application server 8.0.0.3
ibm websphere application server 8.0.0.4
ibm websphere application server 8.0.0.5
ibm websphere application server 8.0.0.6
ibm websphere application server 8.0.0.7
ibm websphere application server 8.0.0.8
ibm websphere application server 8.0.0.9
ibm websphere application server 8.0.0.10
ibm websphere application server 8.5.0.0
ibm websphere application server 8.5.0.1
ibm websphere application server 8.5.0.2
ibm websphere application server 8.5.5.0
ibm websphere application server 8.5.5.1
ibm websphere application server 8.5.5.2
ibm websphere application server 8.5.5.3
ibm websphere application server 8.5.5.4
ibm websphere application server 8.5.5.5
ibm websphere application server 6.1
ibm websphere application server 7.0
ibm websphere application server 8.0
ibm websphere application server 8.5
ibm websphere application server 8.5.5
ibm maximo asset management 7.1
ibm maximo asset management 7.5
ibm content collector 3.0.0.0
ibm license metric tool 7.5
ibm maximo asset management 7.1.1
ibm cloud orchestrator 2.3
ibm maximo asset management 7.6
ibm cloud orchestrator 2.4
ibm financial transaction manager 2.1.1.8
ibm license metric tool 9.0
ibm license metric tool 9.0.1
ibm license metric tool 9.1.0.1
ibm financial transaction manager 3.0.0.0
ibm financial transaction manager 3.0.0.1
ibm financial transaction manager 3.0.0.2
ibm tivoli monitoring 6.2.2
ibm tivoli monitoring 6.2.3
ibm tivoli monitoring 6.3.0
ibm financial transaction manager 3.0.0.3
ibm financial transaction manager 3.0.0.4
ibm license metric tool 9.2.0
ibm financial transaction manager 3.0.0.5
ibm cloud orchestrator 2.3.0.1
ibm financial transaction manager 3.0.0.6
ibm financial transaction manager 3.0.0.7
ibm cloud orchestrator 2.4.0.1
ibm cloud orchestrator 2.4.0.2
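Practitioner's note on the property named in the summary. com.ibm.ws.webcontainer.disallowServeServletsByClassname is a server-level WebContainer custom property in traditional WAS (Servers > Server Types > WebSphere application servers > server > Web Container Settings > Web container > Custom properties). When it is true, the web container refuses to serve servlets by class name for every application on that server, regardless of what an application asks for in its own ibm-web-ext.xml (enable-serving-servlets-by-class-name) or older ibm-web-ext.xmi (serveServletsByClassnameEnabled). Serving by class name lets a request reach a servlet class under the container's /servlet/ path rather than through the URL patterns that the deployment descriptor's security constraints are bound to, which is why IBM offers the global switch. The CVE is that the switch defaults to false on the listed levels; the page records the vectors as unspecified, so nothing beyond that is claimed here. Remediation is the fix pack named in the summary (7.0.0.39, 8.0.0.11 or 8.5.5.6) and, independently of the fix pack, setting the property to true and restarting the server.

The script below is an added example written for this page; it is not IBM code or tooling. It audits one application on one server from the XML already on disk: the WebContainer properties in server.xml and the application's IBM extension descriptor in either format, and it also flags versions older than the fix packs the summary names. The XML fragments are constructed samples and the element shapes (a properties element with name/value under the WebContainer component; the two descriptor forms above) are assumptions about the traditional WAS configuration layout that should be confirmed against a real profile before the result is trusted.

```python
"""Audit a traditional WebSphere Application Server for the
'serve servlets by class name' exposure behind CVE-2015-1927.

Added example, not IBM code. The XML shapes handled here are assumptions
about the WAS configuration tree; verify them against your own profile.
"""
import xml.etree.ElementTree as ET

SERVER_PROP = "com.ibm.ws.webcontainer.disallowServeServletsByClassname"

# First fix pack per release train, as given in the CVE summary.
FIXED_IN = {(7, 0): (7, 0, 0, 39), (8, 0): (8, 0, 0, 11), (8, 5): (8, 5, 5, 6)}


def _is_true(value):
    return (value or "").strip().lower() == "true"


def _local(tag):
    # Strip an ElementTree namespace prefix of the form '{uri}name'.
    return tag.rsplit("}", 1)[-1]


def server_disallows_by_classname(server_xml):
    """True only when the server-level custom property is explicitly 'true'.

    The property defaults to false (the condition the CVE describes), so an
    absent property is deliberately reported as the weak default.
    """
    for el in ET.fromstring(server_xml).iter():
        if _local(el.tag) == "properties" and el.get("name") == SERVER_PROP:
            return _is_true(el.get("value"))
    return False


def app_enables_by_classname(ext_xml):
    """True when the application's IBM extension descriptor turns the feature on.

    Accepts the ibm-web-ext.xml element
        <enable-serving-servlets-by-class-name value="true"/>
    and the older ibm-web-ext.xmi attribute
        serveServletsByClassnameEnabled="true"
    """
    for el in ET.fromstring(ext_xml).iter():
        if _local(el.tag) == "enable-serving-servlets-by-class-name":
            return _is_true(el.get("value"))
        if el.get("serveServletsByClassnameEnabled") is not None:
            return _is_true(el.get("serveServletsByClassnameEnabled"))
    return False


def below_fixed_level(version):
    """True when a dotted WAS version is older than the fix pack for its train."""
    parts = tuple(int(p) for p in version.split("."))
    fixed = FIXED_IN.get(parts[:2])
    if fixed is None:
        return False  # 6.1 and other trains are outside the summary's version ranges
    return parts + (0,) * (4 - len(parts)) < fixed


def assess(server_xml, app_ext_xml):
    """Classify one application on one server.

    HARDENED:     the server property is true and overrides every application.
    EXPOSED:      the property is absent/false and this application enables the
                  feature, so its servlet classes are reachable by class name.
    WEAK_DEFAULT: the property is absent/false; this application leaves the
                  feature off, but nothing stops another deployment enabling it.
    """
    if server_disallows_by_classname(server_xml):
        return "HARDENED"
    if app_enables_by_classname(app_ext_xml):
        return "EXPOSED"
    return "WEAK_DEFAULT"


# Constructed sample fragments (not taken from a real profile).
SERVER_XML_DEFAULT = """<process:Server xmlns:process="process.xmi" xmlns:xmi="http://www.omg.org/XMI">
  <components xmi:type="applicationserver.webcontainer:WebContainer" enableServletCaching="false"/>
</process:Server>"""

SERVER_XML_HARDENED = """<process:Server xmlns:process="process.xmi" xmlns:xmi="http://www.omg.org/XMI">
  <components xmi:type="applicationserver.webcontainer:WebContainer">
    <properties xmi:type="properties:Property"
                name="com.ibm.ws.webcontainer.disallowServeServletsByClassname" value="true"/>
  </components>
</process:Server>"""

APP_EXT_XML_ON = """<web-ext xmlns="http://websphere.ibm.com/xml/ns/javaee" version="1.0">
  <enable-serving-servlets-by-class-name value="true"/>
</web-ext>"""

APP_EXT_XMI_OFF = """<webappext:WebAppExtension xmi:version="2.0"
    xmlns:xmi="http://www.omg.org/XMI" xmlns:webappext="webappext.xmi"
    serveServletsByClassnameEnabled="false"/>"""


if __name__ == "__main__":
    cases = [
        ("8.5.5.5, default server, app enables feature", "8.5.5.5", SERVER_XML_DEFAULT, APP_EXT_XML_ON),
        ("8.5.5.5, default server, app leaves it off", "8.5.5.5", SERVER_XML_DEFAULT, APP_EXT_XMI_OFF),
        ("8.5.5.6, property set to true", "8.5.5.6", SERVER_XML_HARDENED, APP_EXT_XML_ON),
    ]
    for label, version, server_xml, app_xml in cases:
        print(f"{label}: {assess(server_xml, app_xml)}; below fix pack: {below_fixed_level(version)}")
```

Run it against the real files by reading the server.xml for the target server and each deployed application's ibm-web-ext.xml or ibm-web-ext.xmi; a WEAK_DEFAULT verdict still warrants setting the property, because the exposure depends on what any application on the server enables, not only the one audited.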