Vulnerability Description
IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Security Access Manager For Web | 7.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV71196
- http://www-01.ibm.com/support/docview.wss?uid=swg21964828Vendor Advisory
- http://www.securitytracker.com/id/1034103
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV71196
- http://www-01.ibm.com/support/docview.wss?uid=swg21964828Vendor Advisory
- http://www.securitytracker.com/id/1034103
FAQ
What is CVE-2015-4963?
CVE-2015-4963 is a vulnerability with a CVSS score of 7.5 (HIGH). IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via uns...
How severe is CVE-2015-4963?
CVE-2015-4963 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4963?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Access Manager For Web.