Details of VAR-201504-0378

ID

VAR-201504-0378

CVE

CVE-2015-1893

TITLE

IBM WebSphere DataPower XC10 Vulnerability in the appliance to hijack arbitrary user sessions

Trust: 0.8

sources: JVNDB: JVNDB-2015-002102

DESCRIPTION

The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via unspecified vectors. IBM WebSphere DataPower XC10 Appliance is prone to a session-hijacking vulnerability. An attacker can leverage this issue to gain unauthorized access to the affected application. IBM WebSphere DataPower XC10 Appliance 2.1 is vulnerable. The platform enables distributed caching of data with little to no change to existing applications

Trust: 1.98

sources: NVD: CVE-2015-1893 // JVNDB: JVNDB-2015-002102 // BID: 73916 // VULHUB: VHN-79854

AFFECTED PRODUCTS

vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.1.0.0	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.1.0.1	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.1.0.2	Trust: 1.6
vendor:	ibm	model:	websphere datapower xc10 the appliance	scope:	eq	version:	2.1.0.3	Trust: 0.8
vendor:	ibm	model:	websphere datapower xc10 the appliance	scope:	lt	version:	2.1	Trust: 0.8
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	eq	version:	2.1	Trust: 0.3
vendor:	ibm	model:	websphere datapower xc10 appliance	scope:	ne	version:	2.13	Trust: 0.3

sources: BID: 73916 // JVNDB: JVNDB-2015-002102 // CNNVD: CNNVD-201504-081 // NVD: CVE-2015-1893

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-1893
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-1893
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201504-081
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-79854
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-1893
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-79854
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-79854 // JVNDB: JVNDB-2015-002102 // CNNVD: CNNVD-201504-081 // NVD: CVE-2015-1893

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-79854 // JVNDB: JVNDB-2015-002102 // NVD: CVE-2015-1893

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-081

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201504-081

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002102

PATCH

title:	1701337	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21701337	Trust: 0.8
title:	XC10-2.1.0.3-IT07840-cf31514.30214411-9235	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54797	Trust: 0.6

sources: JVNDB: JVNDB-2015-002102 // CNNVD: CNNVD-201504-081

EXTERNAL IDS

db:	NVD	id:	CVE-2015-1893	Trust: 2.8
db:	BID	id:	73916	Trust: 1.4
db:	SECTRACK	id:	1032025	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-002102	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-081	Trust: 0.7
db:	VULHUB	id:	VHN-79854	Trust: 0.1

sources: VULHUB: VHN-79854 // BID: 73916 // JVNDB: JVNDB-2015-002102 // CNNVD: CNNVD-201504-081 // NVD: CVE-2015-1893

REFERENCES

url:	http://www-01.ibm.com/support/docview.wss?uid=swg21701337	Trust: 2.0
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1it07841	Trust: 1.7
url:	http://www.securityfocus.com/bid/73916	Trust: 1.1
url:	http://www.securitytracker.com/id/1032025	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1893	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1893	Trust: 0.8
url:	http://www.ibm.com	Trust: 0.3
url:	http://www-03.ibm.com/software/products/en/datapower-xc10	Trust: 0.3

sources: VULHUB: VHN-79854 // BID: 73916 // JVNDB: JVNDB-2015-002102 // CNNVD: CNNVD-201504-081 // NVD: CVE-2015-1893

CREDITS

IBM

Trust: 0.3

sources: BID: 73916

SOURCES

db:	VULHUB	id:	VHN-79854
db:	BID	id:	73916
db:	JVNDB	id:	JVNDB-2015-002102
db:	CNNVD	id:	CNNVD-201504-081
db:	NVD	id:	CVE-2015-1893

LAST UPDATE DATE

2025-04-13T23:21:17.585000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-79854	date:	2016-08-04T00:00:00
db:	BID	id:	73916	date:	2015-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2015-002102	date:	2015-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201504-081	date:	2015-04-07T00:00:00
db:	NVD	id:	CVE-2015-1893	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-79854	date:	2015-04-06T00:00:00
db:	BID	id:	73916	date:	2015-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2015-002102	date:	2015-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201504-081	date:	2015-04-07T00:00:00
db:	NVD	id:	CVE-2015-1893	date:	2015-04-06T00:59:06.893