File Manipulation Flaw in IBM Security Access Manager for Web
CVE-2015-4963

Currently unrated

Key Information:

Vendor: IBM
Status: Security Access Manager For Web
Vendor: CVE Published:; 8 November 2015

What is CVE-2015-4963?

A vulnerability in IBM Security Access Manager for Web allows unauthorized access through mishandling of WebSEAL HTTPTransformation requests, enabling remote attackers to read or write arbitrary files. This flaw impacts versions 7.x prior to 7.0.0.16 and 8.x prior to 8.0.1.3, creating opportunities for data breaches and unauthorized modifications.

References

http://www.securitytracker.com/id/1034103

vdb-entryx_refsource_SECTRACK

http://www-01.ibm.com/support/docview.wss?uid=swg21964828

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IV71196

vendor-advisoryx_refsource_AIXAPAR

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 8, 2015
Vulnerability Reserved
Jun 24, 2015