CVE-2015-1946

high

Description

IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors.

References

http://www.securityfocus.com/bid/75496

http://www-01.ibm.com/support/docview.wss?uid=swg21959083

http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180

Details

Source: Mitre, NVD

Published: 2015-07-14

Updated: 2016-11-28

Risk Information

CVSS v2

Base Score: 4.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High