CVE-2015-1885

critical

Description

WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote attackers to gain privileges via unspecified vectors.

References

http://www.securitytracker.com/id/1032190

http://www.securityfocus.com/bid/74219

http://www-01.ibm.com/support/docview.wss?uid=swg21963275

http://www-01.ibm.com/support/docview.wss?uid=swg21697368

http://www-01.ibm.com/support/docview.wss?uid=swg1PI36211

http://www-01.ibm.com/support/docview.wss?uid=swg1PI33202

Details

Source: MITRE, NVD

Published: 2015-04-27

Updated: 2016-12-22

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical