CVE-2015-1920

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 6.1 through 6.1.0.47 IBM WebSphere Application Server versions 7.0 before 7.0.0.39 IBM WebSphere Application Server versions 8.0 before 8.0.0.11 IBM WebSphere Application Server versions 8.5 before 8.5.5.6

Description The issue is related to insufficient access control in the WebSphere Application Server, allowing remote attackers to execute arbitrary code by sending crafted instructions in a management-port session. This can be achieved through a specially formed sequence of instructions sent to the management port.

Recommendations For versions 6.1 through 6.1.0.47, update to a version after 6.1.0.47. For versions 7.0 before 7.0.0.39, update to version 7.0.0.39 or later. For versions 8.0 before 8.0.0.11, update to version 8.0.0.11 or later. For versions 8.5 before 8.5.5.6, update to version 8.5.5.6 or later. As a temporary workaround, consider restricting access to the management port to minimize the risk of exploitation.