CVE-2015-1920

IBM WebSphere Application Server 6.1-6.1.0.47, 7.0 < 7.0.0.39, 8.0 < 8.0.0.11, 8.5 < 8.5.5.6 - RCE via Management Port

Description

IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session.

References (4)

Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21883573
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74439
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032249
Not Applicable vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI38302

Scores

EPSS 0.0688
EPSS Percentile 93.3%

Details

CWE CWE-284
Status published
Products (50)
ibm/websphere_application_server 6.1
ibm/websphere_application_server 6.1.0
ibm/websphere_application_server 6.1.0.0
ibm/websphere_application_server 6.1.0.1
ibm/websphere_application_server 6.1.0.2
ibm/websphere_application_server 6.1.0.3
ibm/websphere_application_server 6.1.0.5
ibm/websphere_application_server 6.1.0.7
ibm/websphere_application_server 6.1.0.9
ibm/websphere_application_server 6.1.0.11
... and 40 more
Published May 20, 2015
Tracked Since Feb 18, 2026