CVE-2015-1895 - Vulnerability Details - OpenCVE

IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on client-side code to verify authorization, which allows remote attackers to bypass intended access restrictions by modifying the client behavior.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00251.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Optim Workload Replay

Configuration 1 [-]

OR	cpe:2.3:a:ibm:optim_workload_replay:2.1:::::::*
	cpe:2.3:a:ibm:optim_workload_replay:2.1.0.1:::::::*
	cpe:2.3:a:ibm:optim_workload_replay:2.1.0.2:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2015-2000	IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on client-side code to verify authorization, which allows remote attackers to bypass intended access restrictions by modifying the client behavior.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg21700768
http://www.securityfocus.com/bid/74442

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2015-05-25T00:00:00

Updated: 2024-08-06T04:54:16.558Z

Reserved: 2015-02-19T00:00:00

Link: CVE-2015-1895

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-05-25T00:59:04.747

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-1895

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-27T00:00:00", "descriptions": [{"lang": "en", "value": "IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on client-side code to verify authorization, which allows remote attackers to bypass intended access restrictions by modifying the client behavior."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-07-22T16:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "74442", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74442"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700768"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-1895", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on client-side code to verify authorization, which allows remote attackers to bypass intended access restrictions by modifying the client behavior."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "74442", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74442"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21700768", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700768"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:54:16.558Z"}, "title": "CVE Program Container", "references": [{"name": "74442", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74442"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700768"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-1895", "datePublished": "2015-05-25T00:00:00", "dateReserved": "2015-02-19T00:00:00", "dateUpdated": "2024-08-06T04:54:16.558Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:optim_workload_replay:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7D9182CA-12ED-4256-B5C0-B0E5F4EAF9C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:optim_workload_replay:2.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C596930-0D9C-427D-B3E3-377F3358BE71", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:optim_workload_replay:2.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C4A8412F-DADF-4F81-99A5-9871B02DAD34", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on client-side code to verify authorization, which allows remote attackers to bypass intended access restrictions by modifying the client behavior."}, {"lang": "es", "value": "IBM InfoSphere Optim Workload Replay 2.x anterior a 2.1.0.3 depende de c\u00f3digo del lado del cliente para verificar la autorizaci\u00f3n, lo que permite a atacantes remotos evadir las restricciones de acceso mediante la modificaci\u00f3n del comportamiento del cliente."}], "id": "CVE-2015-1895", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-05-25T00:59:04.747", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700768"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/74442"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700768"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/74442"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}