ByteOS Network

NVD Vulnerability Details :

CVE-2015-2027

Deferred

Source-psirt@us.ibm.com

Published At-04 Oct, 2015 | 02:59

Updated At-12 Apr, 2025 | 10:46

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	2.1	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:N

CPE Matches

IBM Corporation

>>websphere_extreme_scale>>7.1.0

cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0:*:*:*:*:*:*:*

IBM Corporation

>>websphere_extreme_scale>>7.1.0.2

cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0.2:*:*:*:*:*:*:*

IBM Corporation

>>websphere_extreme_scale>>7.1.1

cpe:2.3:a:ibm:websphere_extreme_scale:7.1.1:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

Evaluator Description

Per http://www-01.ibm.com/support/docview.wss?uid=swg21966044: " IBM WebSphere Extreme Scale could allow a local user to bypass security on another user's session due to it improperly logging out the previous user."

References

Hyperlink	Source	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1PI44098	psirt@us.ibm.com	Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PI44105	psirt@us.ibm.com	Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21966044	psirt@us.ibm.com	Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PI44098	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PI44105	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21966044	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History