CVE-2015-1882

Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user.

Published: Apr 27, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-1882
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
ibm / websphere_application_server	8.5.0.2	8.5.0.2.x
ibm / websphere_application_server	8.5.5.1	8.5.5.1.x
ibm / websphere_application_server	8.5.5.0	8.5.5.0.x
ibm / websphere_application_server	8.5.5.4	8.5.5.4.x
ibm / websphere_application_server	8.5.0.1	8.5.0.1.x
ibm / websphere_application_server	8.5.0.0	8.5.0.0.x
ibm / websphere_application_server	8.5.5.3	8.5.5.3.x
ibm / websphere_application_server	8.5.5.2	8.5.5.2.x

http://www-01.ibm.com/support/docview.wss?uid=swg1PI33357
http://www-01.ibm.com/support/docview.wss?uid=swg21697368
http://www.securityfocus.com/bid/74222
http://www.securitytracker.com/id/1032190

Vulnerability Database

CVE-2015-1882