Vulnerability Details : CVE-2015-1893
The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via unspecified vectors.
Products affected by CVE-2015-1893
- cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:websphere_datapower_xc10_appliance_firmware:2.1.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1893
- EPSS score: 0.48% (probability of exploitation activity in the next 30 days)
- Percentile: ~73% (the proportion of vulnerabilities that are scored at or below this level)
CVSS scores for CVE-2015-1893
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2015-1893
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1893
- http://www-01.ibm.com/support/docview.wss?uid=swg21701337
  IBM Security Bulletin: WebSphere DataPower Appliance V2.1 Validation Vulnerability CVE-2015-1893 (Vendor Advisory; Patch)
- http://www.securitytracker.com/id/1032025
  IBM WebSphere DataPower Input Validation Bug Lets Remote Users Hijack Sessions - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/73916
  IBM WebSphere DataPower XC10 Appliance CVE-2015-1893 Session Hijacking Vulnerability (Third Party Advisory; VDB Entry)
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT07841
  IBM notice: The page you requested cannot be displayed (Vendor Advisory)