Vulnerabilities > CVE-2015-4963 - Code vulnerability in IBM Security Access Manager for web

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

ibm

CWE-17

NVD

Published: 2015-11-08

Updated: 2024-11-21

Summary

IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Security Access Manager FOR WEB 8.0 IBM Security Access Manager FOR WEB 8.0.1.0 IBM Security Access Manager FOR WEB 7.0.0.6 IBM Security Access Manager FOR WEB 8.0.1.2 IBM Security Access Manager FOR WEB 7.0.0.7 IBM Security Access Manager FOR WEB 8.0.1.1 IBM Security Access Manager FOR WEB 7.0.0.3 IBM Security Access Manager FOR WEB 8.0.0.5 IBM Security Access Manager FOR WEB 7.0.0.8 IBM Security Access Manager FOR WEB 8.0.0.3 IBM Security Access Manager FOR WEB 7.0.0.5 IBM Security Access Manager FOR WEB 7.0.0.13 IBM Security Access Manager FOR WEB 8.0.0.2 IBM Security Access Manager FOR WEB 7.0.0.9 IBM Security Access Manager FOR WEB 8.0.0.22 IBM Security Access Manager FOR WEB 7.0.0.4 IBM Security Access Manager FOR WEB 7.0.0.1 IBM Security Access Manager FOR WEB 7.0.0.10 IBM Security Access Manager FOR WEB 8.0.0.31 IBM Security Access Manager FOR WEB 7.0.0.11 IBM Security Access Manager FOR WEB 7.0.0.2 IBM Security Access Manager FOR WEB 8.0.0.4 IBM Security Access Manager FOR WEB 7.0.0.14 IBM Security Access Manager FOR WEB 7.0 IBM Security Access Manager FOR WEB 7.0.0.15 IBM Security Access Manager FOR WEB 7.0.0.12	26

Common Weakness Enumeration (CWE)

CWE-17 - Code

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References