JSP Code Execution Flaw in IBM and Lenovo Networking Products
CVE-2015-7818

Currently unrated

Key Information:

Vendor
IBM
Vendor
CVE Published:
12 November 2015

Summary

The administration-panel web service in IBM System Networking Switch Center and Lenovo Switch Center versions prior to the specified updates allows unauthorized local users to execute arbitrary JSP code. This can be achieved using the Apache Axis AdminService deployment method to upload a malicious .jsp file, granting SYSTEM privileges which may lead to further exploitation of the system.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.