CVE-2015-7490

LOW

IBM InfoSphere Information Server <11.5 - Auth Bypass

Title source: llm
STIX 2.1

Description

IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a modified cookie.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035125
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1JR54787
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21975827

Scores

CVSS v3 3.1
EPSS 0.0114
EPSS Percentile 62.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-284
Status published
Products (13)
ibm/infosphere_information_server 8.5
ibm/infosphere_information_server 8.5.0.1
ibm/infosphere_information_server 8.5.0.2
ibm/infosphere_information_server 8.5.0.3
ibm/infosphere_information_server 8.7
ibm/infosphere_information_server 8.7.0.1
ibm/infosphere_information_server 8.7.0.2
ibm/infosphere_information_server 9.1
ibm/infosphere_information_server 9.1.0.1
ibm/infosphere_information_server 9.1.2
... and 3 more
Published Mar 03, 2016
Tracked Since Feb 18, 2026