CVE-2015-1920
IBM WebSphere Application Server 6.1-6.1.0.47, 7.0 < 7.0.0.39, 8.0 < 8.0.0.11, 8.5 < 8.5.5.6 - RCE via Management Port
Title source: llmDescription
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session.
References (4)
Core References
http://www-01.ibm.com/support/docview.wss?uid=swg21883573 (Patch, Vendor Advisory; x_refsource_confirm)
http://www.securityfocus.com/bid/74439 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid)
http://www.securitytracker.com/id/1032249 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_sectrack)
http://www-01.ibm.com/support/docview.wss?uid=swg1PI38302 (Not Applicable; vendor-advisory, x_refsource_aixapar)
Scores
EPSS: 0.0688
EPSS Percentile: 93.3%
Details
CWE: CWE-284
Status: published
Products (50)
ibm/websphere_application_server: 6.1, 6.1.0, 6.1.0.0, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.5, 6.1.0.7, 6.1.0.9, 6.1.0.11
... and 40 more
Published: May 20, 2015
Tracked Since: Feb 18, 2026