CVE-2015-4963

critical

Description

IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors.

References

http://www.securitytracker.com/id/1034103

http://www-01.ibm.com/support/docview.wss?uid=swg21964828

http://www-01.ibm.com/support/docview.wss?uid=swg1IV71196

Details

Source: Mitre, NVD

Published: 2015-11-08

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.01125