Vulnerability CVE-2015-7818
Published: 2015-11-11   Modified: 2015-11-12

Description:
The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Lenovo -> Switch center 
IBM -> System networking switch center 

 References:
https://support.lenovo.com/us/en/product_security/len_2015_074
http://www.zerodayinitiative.com/advisories/ZDI-15-551/
Copyright 2024, cxsecurity.com

 

Back to Top