JSP Code Execution Flaw in IBM and Lenovo Networking Products
CVE-2015-7818
Currently unrated
Summary
The administration-panel web service in IBM System Networking Switch Center and Lenovo Switch Center versions prior to the specified updates allows unauthorized local users to execute arbitrary JSP code. This can be achieved using the Apache Axis AdminService deployment method to upload a malicious .jsp file, granting SYSTEM privileges which may lead to further exploitation of the system.
References
Timeline
Vulnerability published
Vulnerability Reserved