CVE-2015-7418

MEDIUM

IBM WebSphere - Info Disclosure

Title source: llm

Description

IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information.

References (2)

[Patch, Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg21971657

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/83634

Scores

CVSS v3 4.4

EPSS 0.0006

EPSS Percentile 17.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (15)

ibm/websphere_extreme_scale

IBM Corporation/WebSphere DataPower XC10 Appliance < 1.0

IBM Corporation/WebSphere DataPower XC10 Appliance < 2.0

IBM Corporation/WebSphere DataPower XC10 Appliance < 2.1

IBM Corporation/WebSphere DataPower XC10 Appliance < 2.1.0.3

IBM Corporation/WebSphere DataPower XC10 Appliance < 2.0.0.1

IBM Corporation/WebSphere DataPower XC10 Appliance < 2.0.0.2

IBM Corporation/WebSphere DataPower XC10 Appliance < 2.0.0.3

IBM Corporation/WebSphere DataPower XC10 Appliance < 2.1.0.1

IBM Corporation/WebSphere DataPower XC10 Appliance < 2.1.0.2

IBM Corporation/WebSphere DataPower XC10 Appliance < 2.5

IBM Corporation/WebSphere DataPower XC10 Appliance < 2.5.0.1

Timeline

Published Feb 08, 2017

Tracked Since Feb 18, 2026