CVE-2015-1885

HIGH

Description

WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote attackers to gain privileges via unspecified vectors.

References

http://www.securityfocus.com/bid/74219

http://www.securitytracker.com/id/1032190

http://www-01.ibm.com/support/docview.wss?uid=swg1PI33202

http://www-01.ibm.com/support/docview.wss?uid=swg1PI36211

http://www-01.ibm.com/support/docview.wss?uid=swg21697368

http://www-01.ibm.com/support/docview.wss?uid=swg21963275

Details

Source: MITRE

Published: 2015-04-27

Updated: 2016-12-22

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH