{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-06-30T00:00:00", "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "PI35180", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083"}, {"name": "75496", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75496"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-1946", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "PI35180", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083"}, {"name": "75496", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75496"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:02:41.811Z"}, "title": "CVE Program Container", "references": [{"name": "PI35180", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083"}, {"name": "75496", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/75496"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-1946", "datePublished": "2015-07-14T17:00:00", "dateReserved": "2015-02-19T00:00:00", "dateUpdated": "2024-08-06T05:02:41.811Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0905C80-A1BA-49CD-90CA-9270ECC3940C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF1667C5-D19B-469C-82D5-8406B6D75EDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FD8F9CE-4E98-4187-B84A-429FA1C65E2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FC1D7570-4AB4-44B0-B5ED-D103F0946F63", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E709E36-B5D0-42E5-A305-AF385FD7F347", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "49506702-1B31-4421-8DEE-5B789272EC6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "158777FD-83D1-44B9-83B4-A3F490CA76F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "EDA2FE6B-6E42-4E97-B803-DAB671D30FF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "72F5A562-5B2E-4BC7-8A81-EFE5ED265803", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "168E2F18-56C6-4789-BBAC-C99D4792046F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "B53EBD40-8E1A-4516-927D-ED1CF212B211", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC95AD4F-9A31-46EB-9B69-D2143AAACB40", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B812D190-1946-42DA-B40A-C9F2C623D2C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "58A4313D-8666-4F9D-AFE4-22D51F9ABAF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "395CFBE6-C129-4A30-8C61-4F02A1672ABF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A7B691E4-0062-4541-A826-E8DEAC71BC84", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "51F81483-22B2-4B3A-BB7F-6B2CEAFD3DC9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors."}, {"lang": "es", "value": "WebSphere Application Server (WAS) 8.5 anteriores a 8.5.5.6 y WebSphere Virtual Enterprise 7.0 anteriores a 7.0.0.6 para WebSphere Application Server (WAS) 7.0 y 8.0, no tienen los roles de usuarios correctamente implementados lo que permite a un usuario local obtener privilegios a trav\u00e9s de vectores no especificados."}], "id": "CVE-2015-1946", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-07-14T17:59:02.323", "references": [{"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/75496"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI35180"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959083"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/75496"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}