Vulnerability Details CVE-2015-1885
WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote attackers to gain privileges via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.5%
CVSS Severity
CVSS v2 Score 9.3
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI33202
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI36211
- http://www-01.ibm.com/support/docview.wss?uid=swg21697368
- http://www-01.ibm.com/support/docview.wss?uid=swg21963275
- http://www.securityfocus.com/bid/74219
- http://www.securitytracker.com/id/1032190
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI33202
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI36211
- http://www-01.ibm.com/support/docview.wss?uid=swg21697368
- http://www-01.ibm.com/support/docview.wss?uid=swg21963275
- http://www.securityfocus.com/bid/74219
- http://www.securitytracker.com/id/1032190
Products affected by CVE-2015-1885
-
cpe:2.3:a:ibm:websphere_application_server:7.0
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.1
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.10
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.11
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.12
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.13
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.14
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.15
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.16
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.17
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.18
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.19
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.2
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.21
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.22
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.23
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.24
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.25
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.27
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.29
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.3
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.31
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.32
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.33
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.34
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.35
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.36
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.37
-
cpe:2.3:a:ibm:websphere_application_server:7.0.0.38
-
cpe:2.3:a:ibm:websphere_application_server:8.5.0.0
-
cpe:2.3:a:ibm:websphere_application_server:8.5.0.1
-
cpe:2.3:a:ibm:websphere_application_server:8.5.0.2
-
cpe:2.3:a:ibm:websphere_application_server:8.5.5.0
-
cpe:2.3:a:ibm:websphere_application_server:8.5.5.1
-
cpe:2.3:a:ibm:websphere_application_server:8.5.5.2
-
cpe:2.3:a:ibm:websphere_application_server:8.5.5.3
-
cpe:2.3:a:ibm:websphere_application_server:8.5.5.4