CVE-2015-1882

IBM WebSphere Application Server 8.5 Liberty Profile < 8.5.5.5 - Privilege Escalation via EJB Race Condition

Title source: llm

Description

Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user.

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74222
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032190
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI33357
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21697368

Scores

EPSS 0.0304
EPSS Percentile 85.8%

Details

CWE
CWE-362
Status published
Products (8)
ibm/websphere_application_server 8.5.0.0
ibm/websphere_application_server 8.5.0.1
ibm/websphere_application_server 8.5.0.2
ibm/websphere_application_server 8.5.5.0
ibm/websphere_application_server 8.5.5.1
ibm/websphere_application_server 8.5.5.2
ibm/websphere_application_server 8.5.5.3
ibm/websphere_application_server 8.5.5.4
Published Apr 27, 2015
Tracked Since Feb 18, 2026