ByteOS Network

NVD Vulnerability Details :

CVE-2015-1882

Deferred

Source-psirt@us.ibm.com

Published At-27 Apr, 2015 | 12:59

Updated At-12 Apr, 2025 | 10:46

Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	8.5	HIGH	AV:N/AC:M/Au:S/C:C/I:C/A:C

CPE Matches

IBM Corporation

>>websphere_application_server>>8.5.0.0

cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>8.5.0.1

cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>8.5.0.2

cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>8.5.5.0

cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>8.5.5.1

cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>8.5.5.2

cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>8.5.5.3

cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>8.5.5.4

cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-362	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1PI33357	psirt@us.ibm.com	N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21697368	psirt@us.ibm.com	Patch Vendor Advisory
http://www.securityfocus.com/bid/74222	psirt@us.ibm.com	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032190	psirt@us.ibm.com	Third Party Advisory VDB Entry
http://www-01.ibm.com/support/docview.wss?uid=swg1PI33357	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21697368	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www.securityfocus.com/bid/74222	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032190	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History