Vulnerability Details : CVE-2015-2027
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.
Products affected by CVE-2015-2027
- cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-2027
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 30 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-2027
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2015-2027
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-2027
-
http://www-01.ibm.com/support/docview.wss?uid=swg21966044
IBM Security Bulletin: : The WebSphere eXtreme Scale 7.1.0 and 7.1.1 monitoring console lacks protection for various vulnerabilities. (CVE-2015-2025 CVE-2015-2026 CVE-2015-2027 CVE-2015-2028 CVE-2015-Patch;Vendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg1PI44105
IBM PI44105: The WebSphere eXtreme Scale 7.1.0 monitoring console lacks protection for various vulnerabilities.Patch;Vendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg1PI44098
IBM PI44098: The WebSphere eXtreme Scale 7.1.1, 8.5, and 8.6 monitoring console lacks protection for various vulnerabilities.Patch;Vendor Advisory
Jump to