CVE-2015-1946 - Vulnerability Details

Vendors	Products
Ibm	Websphere Application Server Websphere Virtual Enterprise

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180
http://www-01.ibm.com/support/docview.wss?uid=swg21959083
http://www.securityfocus.com/bid/75496

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-06-30T00:00:00", "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "PI35180", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083"}, {"name": "75496", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75496"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-1946", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "PI35180", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083"}, {"name": "75496", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75496"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:02:41.811Z"}, "title": "CVE Program Container", "references": [{"name": "PI35180", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083"}, {"name": "75496", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/75496"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-1946", "datePublished": "2015-07-14T17:00:00", "dateReserved": "2015-02-19T00:00:00", "dateUpdated": "2024-08-06T05:02:41.811Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-06-30T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2016-11-25T19:57:01 (string)

orgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

shortName : ibm (string)

}

references : [ »

0 : { »

name : PI35180 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21959083 (string)

}

2 : { »

name : 75496 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/75496 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@us.ibm.com (string)

ID : CVE-2015-1946 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : PI35180 (string)

refsource : AIXAPAR (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180 (string)

}

1 : { »

name : http://www-01.ibm.com/support/docview.wss?uid=swg21959083 (string)

refsource : CONFIRM (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg21959083 (string)

}

2 : { »

name : 75496 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/75496 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T05:02:41.811Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : PI35180 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

2 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21959083 (string)

}

2 : { »

name : 75496 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/75496 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

assignerShortName : ibm (string)

cveId : CVE-2015-1946 (string)

datePublished : 2015-07-14T17:00:00 (string)

dateReserved : 2015-02-19T00:00:00 (string)

dateUpdated : 2024-08-06T05:02:41.811Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0905C80-A1BA-49CD-90CA-9270ECC3940C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF1667C5-D19B-469C-82D5-8406B6D75EDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FD8F9CE-4E98-4187-B84A-429FA1C65E2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FC1D7570-4AB4-44B0-B5ED-D103F0946F63", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E709E36-B5D0-42E5-A305-AF385FD7F347", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "49506702-1B31-4421-8DEE-5B789272EC6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "158777FD-83D1-44B9-83B4-A3F490CA76F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "EDA2FE6B-6E42-4E97-B803-DAB671D30FF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "72F5A562-5B2E-4BC7-8A81-EFE5ED265803", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "168E2F18-56C6-4789-BBAC-C99D4792046F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "B53EBD40-8E1A-4516-927D-ED1CF212B211", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC95AD4F-9A31-46EB-9B69-D2143AAACB40", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B812D190-1946-42DA-B40A-C9F2C623D2C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "58A4313D-8666-4F9D-AFE4-22D51F9ABAF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "395CFBE6-C129-4A30-8C61-4F02A1672ABF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A7B691E4-0062-4541-A826-E8DEAC71BC84", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "51F81483-22B2-4B3A-BB7F-6B2CEAFD3DC9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors."}, {"lang": "es", "value": "WebSphere Application Server (WAS) 8.5 anteriores a 8.5.5.6 y WebSphere Virtual Enterprise 7.0 anteriores a 7.0.0.6 para WebSphere Application Server (WAS) 7.0 y 8.0, no tienen los roles de usuarios correctamente implementados lo que permite a un usuario local obtener privilegios a trav\u00e9s de vectores no especificados."}], "id": "CVE-2015-1946", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-07-14T17:59:02.323", "references": [{"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/75496"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/75496"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B0905C80-A1BA-49CD-90CA-9270ECC3940C (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : AF1667C5-D19B-469C-82D5-8406B6D75EDE (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 1FD8F9CE-4E98-4187-B84A-429FA1C65E2D (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : FC1D7570-4AB4-44B0-B5ED-D103F0946F63 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 9E709E36-B5D0-42E5-A305-AF385FD7F347 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 49506702-1B31-4421-8DEE-5B789272EC6E (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 158777FD-83D1-44B9-83B4-A3F490CA76F4 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:*:*:*:*:*:*:* (string)

matchCriteriaId : EDA2FE6B-6E42-4E97-B803-DAB671D30FF5 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 72F5A562-5B2E-4BC7-8A81-EFE5ED265803 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 168E2F18-56C6-4789-BBAC-C99D4792046F (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:*:*:*:* (string)

matchCriteriaId : B53EBD40-8E1A-4516-927D-ED1CF212B211 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : FC95AD4F-9A31-46EB-9B69-D2143AAACB40 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : B812D190-1946-42DA-B40A-C9F2C623D2C8 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 58A4313D-8666-4F9D-AFE4-22D51F9ABAF1 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 395CFBE6-C129-4A30-8C61-4F02A1672ABF (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.4:*:*:*:*:*:*:* (string)

matchCriteriaId : A7B691E4-0062-4541-A826-E8DEAC71BC84 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 51F81483-22B2-4B3A-BB7F-6B2CEAFD3DC9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors. (string)

}

1 : { »

lang : es (string)

value : WebSphere Application Server (WAS) 8.5 anteriores a 8.5.5.6 y WebSphere Virtual Enterprise 7.0 anteriores a 7.0.0.6 para WebSphere Application Server (WAS) 7.0 y 8.0, no tienen los roles de usuarios correctamente implementados lo que permite a un usuario local obtener privilegios a través de vectores no especificados. (string)

}

]

id : CVE-2015-1946 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.4 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.4 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2015-07-14T17:59:02.323 (string)

references : [ »

0 : { »

source : psirt@us.ibm.com (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180 (string)

}

1 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21959083 (string)

}

2 : { »

source : psirt@us.ibm.com (string)

url : http://www.securityfocus.com/bid/75496 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21959083 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/75496 (string)

}

]

sourceIdentifier : psirt@us.ibm.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-264 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object