Security Bulletin
Summary
WebSphere Application Server that is provided with WebSphere Enterprise Service Bus Registry Edition could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions.
Vulnerability Details
The vulnerability is fixed with an available interim fix. For more information on the fix see Security Bulletin: Security Vulnerability in IBM WebSphere Application Server (CVE-2015-1920)
Affected Products and Versions
WebSphere Enterprise Service Bus Registry Edition (All Versions)
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Change History
4th September 2015: Original version published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21963793