CVE-2015-1946

MEDIUM

Description

IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors.

References

http://www.securityfocus.com/bid/75496

http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180

http://www-01.ibm.com/support/docview.wss?uid=swg21959083

Details

Source: MITRE

Published: 2015-07-14

Updated: 2016-11-28

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 4.4

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.4

Severity: MEDIUM