CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-7820

Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.3%

CVSS Severity

CVSS v2 Score 7.1

References

http://www.zerodayinitiative.com/advisories/ZDI-15-554/
https://support.lenovo.com/us/en/product_security/len_2015_074
http://www.zerodayinitiative.com/advisories/ZDI-15-554/
https://support.lenovo.com/us/en/product_security/len_2015_074

Products affected by CVE-2015-7820

Ibm » System Networking Switch Center » Version: Any

cpe:2.3:a:ibm:system_networking_switch_center:*
Lenovo » Switch Center » Version: Any

cpe:2.3:a:lenovo:switch_center:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-7820

Products

Pricing

Contact Us