CVE-2015-7817

Name of the Vulnerable Software and Affected Versions IBM System Networking Switch Center versions prior to 7.3.1.5 Lenovo Switch Center versions prior to 8.1.2.0

Description The issue allows remote attackers to obtain privileged-account access due to a race condition in the administration-panel web service. This access can be used to provide FileReader.jsp input containing directory traversal sequences, enabling the reading of arbitrary text files via a request to port 40080 or 40443.

Recommendations For IBM System Networking Switch Center versions prior to 7.3.1.5, update to version 7.3.1.5 or later. For Lenovo Switch Center versions prior to 8.1.2.0, update to version 8.1.2.0 or later. As a temporary workaround, consider restricting access to the administration-panel web service and the FileReader.jsp page to minimize the risk of exploitation.