CVE-2015-7820
IBM System Networking Switch Center <7.3.1.5 - Privilege Escalation
Title source: llmDescription
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-554/
Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/len_2015_074
Scores
EPSS
0.0021
EPSS Percentile
42.9%
Details
CWE
CWE-362
Status
published
Products (2)
ibm/system_networking_switch_center
< 7.3.1.4
lenovo/switch_center
< 8.1.1.0
Published
Nov 12, 2015
Tracked Since
Feb 18, 2026