IBM Support

Security Bulletin: Security Vulnerability within IBM WebSphere Application Server that shipped with WebSphere Enterprise Service Bus Registry Edition (CVE-2015-1920)

Created by Adam Clark on
Published URL:
https://www.ibm.com/support/pages/node/534385
534385

Security Bulletin


Summary

WebSphere Application Server that is provided with WebSphere Enterprise Service Bus Registry Edition could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions.

Vulnerability Details

The vulnerability is fixed with an available interim fix. For more information on the fix see Security Bulletin: Security Vulnerability in IBM WebSphere Application Server (CVE-2015-1920)

Affected Products and Versions

WebSphere Enterprise Service Bus Registry Edition (All Versions)

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Change History

4th September 2015: Original version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{"Product":{"code":"SSFNNX","label":"WebSphere Enterprise Service Bus Registry Edition"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Security","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg21963793