CVE-2015-1885

WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote attackers to gain privileges via unspecified vectors.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1PI33202
http://www-01.ibm.com/support/docview.wss?uid=swg1PI36211
http://www-01.ibm.com/support/docview.wss?uid=swg21697368	Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21963275
http://www.securityfocus.com/bid/74219
http://www.securitytracker.com/id/1032190
http://www-01.ibm.com/support/docview.wss?uid=swg1PI33202
http://www-01.ibm.com/support/docview.wss?uid=swg1PI36211
http://www-01.ibm.com/support/docview.wss?uid=swg21697368	Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21963275
http://www.securityfocus.com/bid/74219
http://www.securitytracker.com/id/1032190

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:websphere_application_server:7.0:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.14:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.15:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.16:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.17:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.18:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.19:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.21:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.22:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.23:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.24:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.25:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.27:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.29:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.31:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.32:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.33:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.34:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.35:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.36:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.37:::::::*
	cpe:2.3:a:ibm:websphere_application_server:7.0.0.38:::::::*
	cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:::::::*
	cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:::::::*
	cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:::::::*
	cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:::::::*
	cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:::::::*
	cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:::::::*
	cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:::::::*
	cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:::::::*

History

21 Nov 2024, 02:26

Type	Values Removed	Values Added
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1PI33202 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1PI33202 -
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg1PI36211 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg1PI36211 -
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21697368 - Patch, Vendor Advisory~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21697368 - Patch, Vendor Advisory
References	~~() http://www-01.ibm.com/support/docview.wss?uid=swg21963275 -~~	() http://www-01.ibm.com/support/docview.wss?uid=swg21963275 -
References	~~() http://www.securityfocus.com/bid/74219 -~~	() http://www.securityfocus.com/bid/74219 -
References	~~() http://www.securitytracker.com/id/1032190 -~~	() http://www.securitytracker.com/id/1032190 -

Information

Published : 2015-04-27 12:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-1885

Mitre link : CVE-2015-1885

CVE.ORG link : CVE-2015-1885

JSON object : View

Products Affected

ibm

websphere_application_server

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2015-1885", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-04-27T12:59:03.470", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI33202", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI36211", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697368", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275", "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/74219", "source": "psirt@us.ibm.com"}, {"url": "http://www.securitytracker.com/id/1032190", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI33202", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI36211", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21697368", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/74219", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1032190", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote attackers to gain privileges via unspecified vectors."}, {"lang": "es", "value": "WebSphereOauth20SP.ear en IBM WebSphere Application Server (WAS) 7.0 anterior a 7.0.0.39, 8.0 anterior a 8.0.0.11, 8.5 Liberty Profile anterior a 8.5.5.5, y 8.5 Full Profile anterior a 8.5.5.6, cuando el tipo de cesi\u00f3n OAuth requiere el env\u00edo de una contrase\u00f1a, permite a atacantes remotos ganar privilegios a trav\u00e9s de vectores no especificados."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0905C80-A1BA-49CD-90CA-9270ECC3940C"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B108457A-50DC-4432-9E30-98ADBEBF2389"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A8FC820-48D5-4850-82F7-8DA4A18EFF51"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0661F4A0-A520-4443-B19D-6885920ADFE5"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6289CCB4-9A13-4BB5-B44E-7CA936DD8421"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "833256BB-E2A6-4FE9-BE4F-982578023E43"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9631D69C-AFEC-4CFF-9190-3E5435EDCEC2"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE94EFF2-CA86-4179-8250-350DF0D2BE83"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "373412A5-2971-4C92-BAAE-A1B77D2DA723"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "920F69CD-DEDB-4393-BE6E-B837BA6820B9"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B5FE844-7F1C-4326-94EF-2CC0B4196085"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5662B903-5480-403D-BC3D-2222F88264A6"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F830D7B-17C2-40B5-B4A4-7A99980F63AC"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D82C3F2-9C50-4D1A-B939-77FC53E44EDF"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03E6BAB6-D0D8-4698-BCF9-05D5A256FD37"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EB7ACE7-6572-4D19-8E7A-BB9FC57AA343"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF042A51-E34A-482C-8601-9FD09E6C866A"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "075EC2D3-8A48-4103-910C-724A4CAF43DF"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BFE6260-F130-44E1-9A31-985153F51385"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "489E4427-4059-4026-B952-72364AFFC135"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B95D1940-E5AD-4B59-80B4-C3370BB03169"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7083F0E-57BA-4828-99E0-ECA8B54E2069"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28C790DF-0D8B-473B-AC11-A6F02C81319E"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "799B6FA0-0094-4CE9-8C63-8DBFF45E7260"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E3C74F1-5CF6-4C35-9F5A-B9EFE8153992"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABEFAA7D-56F8-4F73-A4E9-1A164B889F2F"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D6CA79D-1B97-45EF-A40E-8ADD3644201B"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C39BC1E7-EDF9-4AD6-BA15-4E750903B1F3"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0.0.38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE7083FC-586B-49C4-BEED-E8AF6F7DDE54"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FD8F9CE-4E98-4187-B84A-429FA1C65E2D"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC1D7570-4AB4-44B0-B5ED-D103F0946F63"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E709E36-B5D0-42E5-A305-AF385FD7F347"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49506702-1B31-4421-8DEE-5B789272EC6E"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "158777FD-83D1-44B9-83B4-A3F490CA76F4"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDA2FE6B-6E42-4E97-B803-DAB671D30FF5"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72F5A562-5B2E-4BC7-8A81-EFE5ED265803"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "168E2F18-56C6-4789-BBAC-C99D4792046F"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}

9.3 /10