CVE-2015-1885

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server (WAS) versions 7.0 through 7.0.0.38 IBM WebSphere Application Server (WAS) versions 8.0 through 8.0.0.10 IBM WebSphere Application Server (WAS) 8.5 Liberty Profile versions prior to 8.5.5.5 IBM WebSphere Application Server (WAS) 8.5 Full Profile versions prior to 8.5.5.6

Description The issue allows remote attackers to gain privileges via unspecified vectors when the OAuth grant type requires sending a password.

Recommendations For IBM WebSphere Application Server (WAS) versions 7.0 through 7.0.0.38, update to version 7.0.0.39 or later. For IBM WebSphere Application Server (WAS) versions 8.0 through 8.0.0.10, update to version 8.0.0.11 or later. For IBM WebSphere Application Server (WAS) 8.5 Liberty Profile versions prior to 8.5.5.5, update to version 8.5.5.5 or later. For IBM WebSphere Application Server (WAS) 8.5 Full Profile versions prior to 8.5.5.6, update to version 8.5.5.6 or later.