CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7818 – IBM System Networking Switch Center Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2015-7818
The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file. El servicio web administration-panel en IBM System Networking Switch Center (SNSC) en versiones anteriores a 7.3.1.5 y Lenovo Switch Center en versiones anteriores a 8.1.2.0 permite a usuarios locales ejecutar código JSP arbitrario con privilegios SYSTEM usando el método de lanzamiento Apache Axis AdminService para instalar un archivo .jsp. This vulnerability allows local unprivileged attackers to execute arbitrary code on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IBM SNSC Web Service, which listens by default on ports 40080 (HTTP) or 40443 (HTTPS) for requests to the administration panel. Because this service offers access to the Apache Axis AdminService, an unprivileged local attacker can publish arbitrary classes with the deployment method. • http://www.zerodayinitiative.com/advisories/ZDI-15-551 https://support.lenovo.com/us/en/product_security/len_2015_074 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 24%CPEs: 2EXPL: 0CVE-2015-7819 – IBM System Networking Switch Center DB Service Remote Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2015-7819
The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password. El servicio DB en IBM System Networking Switch Center (SNSC) en versiones anteriores a 7.3.1.5 y Lenovo Switch Center en versiones anteriores a 8.1.2.0 permite a atacantes remotos obtener información sensible de la cuenta administrador a través de una petición al puerto 40999, según lo demostrado por una contraseña cifrada incorrectamente. This vulnerability allows remote attackers to disclose information on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IBM SNSC DB Service, that listens by default on port 40999. This service allows an unauthenticated user to obtain the account details for the SNSC Administrator, including the password. • http://www.zerodayinitiative.com/advisories/ZDI-15-552 https://support.lenovo.com/us/en/product_security/len_2015_074 • CWE-255: Credentials Management Errors •
CVSS: 7.1EPSS: 25%CPEs: 2EXPL: 0CVE-2015-7820 – IBM System Networking Switch Center ZipDownload.jsp Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-7820
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443. Condición de carrera en el servicio web administration-panel en IBM System Networking Switch Center (SNSC) en versiones anteriores a 7.3.1.5 y Lenovo Switch Center en versiones anteriores a 8.1.2.0 permite a atacantes remotos obtener acceso a cuentas privilegiadas, y consecuentemente proveer una entrada ZipDownload.jsp que contiene secuencias de salto de directorio para leer archivos de texto arbitrarios, a través de una petición al puerto 40080 o 40443. This vulnerability allows remote attackers to disclose information on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaws exist within the IBM SNSC Web Service, which listens by default on ports 40080 (HTTP) or 40443 (HTTPS) for requests to the administration panel. The first is a race condition, which allows the for the temporary use of a fixed privileged account which is forbidden from interactive login, and the second is the ability to specify any file on the system in ZipDownload.jsp. • http://www.zerodayinitiative.com/advisories/ZDI-15-554 https://support.lenovo.com/us/en/product_security/len_2015_074 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 25%CPEs: 2EXPL: 0CVE-2015-7817 – IBM System Networking Switch Center FileReader.jsp Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-7817
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443. Condición de carrera en el servicio web administration-panel en IBM System Networking Switch Center (SNSC) en versiones anteriores a 7.3.1.5 y Lenovo Switch Center en versiones anteriores a 8.1.2.0 permite a atacantes remotos obtener acceso a cuentas privilegiadas, y consecuentemente proveer una entrada FileReader.jsp que contiene secuencias de salto de directorio para leer archivos de texto arbitrarios, a través de una petición al puerto 40080 o 40443. This vulnerability allows remote attackers to disclose information on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaws exist within the IBM SNSC Web Service, which listens by default on ports 40080 (HTTP) or 40443 (HTTPS) for requests to the administration panel. The first is a race condition, which allows the for the temporary use of a fixed privileged account which is forbidden from interactive login, and the second is a directory traversal vulnerability in FileReader.jsp. • http://www.zerodayinitiative.com/advisories/ZDI-15-553 https://support.lenovo.com/us/en/product_security/len_2015_074 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •