PT-2015-7628 · Lenovo+2 · Lenovo Switch Center+2

Rgod

Published

2015-11-10

Updated

2015-11-12

CVE-2015-7818

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions IBM System Networking Switch Center versions prior to 7.3.1.5 Lenovo Switch Center versions prior to 8.1.2.0

Description The issue allows local users to execute arbitrary JSP code with SYSTEM privileges. This is achieved by using the Apache Axis AdminService deployment method to install a .jsp file.

Recommendations For IBM System Networking Switch Center versions prior to 7.3.1.5, update to version 7.3.1.5 or later. For Lenovo Switch Center versions prior to 8.1.2.0, update to version 8.1.2.0 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2015-7818

ZDI-15-551

Affected Products

Apache Axis

Ibm System Networking Switch Center

Lenovo Switch Center

PT-2015-7628 · Lenovo+2 · Lenovo Switch Center+2

CVE-2015-7818

Weakness Enumeration

Related Identifiers

Affected Products

References · 4