Sign-up

ID

VAR-201508-0385


CVE

CVE-2015-1970


TITLE

IBM WebSphere DataPower XC10 Vulnerability in obtaining important information in appliances

Trust: 0.8

sources: JVNDB: JVNDB-2015-003974

DESCRIPTION

The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow physically proximate attackers to obtain sensitive information by extracting a card and attaching it elsewhere. IBM WebSphere DataPower XC10 Appliance is prone to a local information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. IBM WebSphere DataPower XC10 is a high-speed cache platform of IBM Corporation in the United States. The platform enables distributed caching of data with little to no change to existing applications

Trust: 1.98

sources: NVD: CVE-2015-1970 // JVNDB: JVNDB-2015-003974 // BID: 76133 // VULHUB: VHN-79931

AFFECTED PRODUCTS

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion:2.5.0.0

Trust: 1.6

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion:2.1.0.3

Trust: 1.6

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion:2.5.0.1

Trust: 1.6

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion:2.5.0.3

Trust: 1.6

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion:2.1.0.1

Trust: 1.6

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion:2.5.0.4

Trust: 1.6

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion:2.5.0.2

Trust: 1.6

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion:2.1.0.0

Trust: 1.6

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion:2.1.0.2

Trust: 1.6

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion:2.1.0.3 for up to 2.1

Trust: 0.8

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion:2.5.0.4 for up to 2.5

Trust: 0.8

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion:2.5

Trust: 0.3

vendor:ibmmodel:websphere datapower xc10 appliancescope:eqversion:2.1

Trust: 0.3

sources: BID: 76133 // JVNDB: JVNDB-2015-003974 // CNNVD: CNNVD-201508-007 // NVD: CVE-2015-1970

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1970
value: LOW

Trust: 1.0

NVD: CVE-2015-1970
value: LOW

Trust: 0.8

CNNVD: CNNVD-201508-007
value: LOW

Trust: 0.6

VULHUB: VHN-79931
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-1970
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-79931
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-79931 // JVNDB: JVNDB-2015-003974 // CNNVD: CNNVD-201508-007 // NVD: CVE-2015-1970

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-79931 // JVNDB: JVNDB-2015-003974 // NVD: CVE-2015-1970

THREAT TYPE

local

Trust: 0.9

sources: BID: 76133 // CNNVD: CNNVD-201508-007

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201508-007

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003974

PATCH
title:1962861url:http://www-01.ibm.com/support/docview.wss?uid=swg21962861
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003974

EXTERNAL IDS
db:NVDid:CVE-2015-1970
Trust: 2.8
db:JVNDBid:JVNDB-2015-003974
Trust: 0.8
db:CNNVDid:CNNVD-201508-007
Trust: 0.7
db:BIDid:76133
Trust: 0.4
db:VULHUBid:VHN-79931
Trust: 0.1
sources:
            
            
            VULHUB: VHN-79931 // 
            
            
            
            BID: 76133 // 
            
            
            
            JVNDB: JVNDB-2015-003974 // 
            
            
            
            CNNVD: CNNVD-201508-007 // 
            
            
            
            NVD: CVE-2015-1970

REFERENCES
url:http://www-01.ibm.com/support/docview.wss?uid=swg21962861
Trust: 2.0
url:http://www-01.ibm.com/support/docview.wss?uid=swg1it09803
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1970
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1970
Trust: 0.8
url:http://www.ibm.com
Trust: 0.3
url:http://www-03.ibm.com/software/products/en/datapower-xc10
Trust: 0.3
sources:
            
            
            VULHUB: VHN-79931 // 
            
            
            
            BID: 76133 // 
            
            
            
            JVNDB: JVNDB-2015-003974 // 
            
            
            
            CNNVD: CNNVD-201508-007 // 
            
            
            
            NVD: CVE-2015-1970

CREDITS
IBM
Trust: 0.3
sources:
            
            
            BID: 76133

SOURCES
db:VULHUBid:VHN-79931
db:BIDid:76133
db:JVNDBid:JVNDB-2015-003974
db:CNNVDid:CNNVD-201508-007
db:NVDid:CVE-2015-1970

LAST UPDATE DATE
2025-04-13T23:39:37.625000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-79931date:2015-08-04T00:00:00
db:BIDid:76133date:2015-07-30T00:00:00
db:JVNDBid:JVNDB-2015-003974date:2015-08-05T00:00:00
db:CNNVDid:CNNVD-201508-007date:2015-08-06T00:00:00
db:NVDid:CVE-2015-1970date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-79931date:2015-08-03T00:00:00
db:BIDid:76133date:2015-07-30T00:00:00
db:JVNDBid:JVNDB-2015-003974date:2015-08-05T00:00:00
db:CNNVDid:CNNVD-201508-007date:2015-08-04T00:00:00
db:NVDid:CVE-2015-1970date:2015-08-03T19:59:02.923