Vulnerability in Ibm Security_access_manager_for_web

CVE-2015-4963

IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors.

EPSS: 0.008 (73.6th percentile) — read the EPSS interpretation.

Affected products

Ibm Security_access_manager_for_web — versions 7.0, 7.0.0.1, 7.0.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-17

References

1034103 (vdb-entry, x_refsource_SECTRACK)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
IV71196 (vendor-advisory, x_refsource_AIXAPAR)