IBM Support

PI35180: CVE-2015-1946 Gain elevated privileges with user roles with VE

Download


Abstract

CVE-2015-1946 Gain elevated privileges with user roles with Virtual Enterprise (VE)

Download Description

PI35180 resolves the following problem:

ERROR DESCRIPTION:
IBM WebSphere Application Server 8.5 and IBM WebSphere Virtual Enterprise 7.0 could allow a local attacker to gain elevated privileges on the system cause by the user roles not being handled properly.

LOCAL FIX:
n/a

PROBLEM SUMMARY:
IBM WebSphere Application Server 8.5 and IBM WebSphere Virtual Enterprise 7.0 could allow a local attacker to gain elevated privileges on the system cause by the user roles not being handled properly.

PROBLEM CONCLUSION:
IBM WebSphere Application Server 8.5 and IBM WebSphere Virtual Enterprise 7.0 could allow a local attacker to gain elevated privileges on the system cause by the user roles not being handled properly.

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

[{"INLabel":"Readme","INLang":"US English","INSize":"2770","INURL":"ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PI35180/8.5.5.5/readme.txt"}]
On
[{"DNLabel":"8.5.5.0-WS-WASND-IFPI35180","DNDate":"06-17-2015","DNLang":"US English","DNSize":"309882","DNPlat":{"label":"AIX","code":"PF002"},"DNURL":"http://www-933.ibm.com/eserver/support/fixes/fixcentral/swgquickorder?fixes=8.5.5.0-WS-WASND-IFPI35180&productid=WebSphere%20Application%20Server&brandid=5","DNURL_FTP":null,"DDURL":null}]

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF013","label":"Inspur K-UX"},{"code":"PF016","label":"Linux"},{"code":"PF014","label":"iOS"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5.5.2;8.5.5.3;8.5.5.4;8.5.5.5","Edition":"Network Deployment","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg24040235

Page Feedback