Vulnerability-Lookup

CVE-2015-7818 (GCVE-0-2015-7818)

Vulnerability from cvelistv5 – Published: 2015-11-12 02:00 – Updated: 2024-08-06 07:59

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

CNVD-2015-07514

Vulnerability from cnvd - Published: 2015-11-13

Title

Lenovo Switch Center本地提权漏洞

Description

Lenovo Switch Center（前称IBM System Networking Switch Center）是中国联想（Lenovo）公司的一套用来远程监控和管理以太网融合交换机的应用程序。 IBM System Networking Switch Center 7.1.3.4及之前版本和Lenovo Switch Center 8.1.1.0版本存在本地提权漏洞。由于程序允许访问Apache Axis AdminService，本地攻击者可利用该漏洞在服务器中安装任意.jsp文件。

Severity

高

Patch Name

Lenovo Switch Center本地提权漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://support.lenovo.com/us/en/product_security/len_2015_074

Reference

http://www.zerodayinitiative.com/advisories/ZDI-15-551

Impacted products

Name
['IBM System Networking Switch Center <=7.3.1.4', 'Lenovo Switch Center 8.1.1.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-7818"
    }
  },
  "description": "Lenovo Switch Center\uff08\u524d\u79f0IBM System Networking Switch Center\uff09\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u6765\u8fdc\u7a0b\u76d1\u63a7\u548c\u7ba1\u7406\u4ee5\u592a\u7f51\u878d\u5408\u4ea4\u6362\u673a\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nIBM System Networking Switch Center 7.1.3.4\u53ca\u4e4b\u524d\u7248\u672c\u548cLenovo Switch Center 8.1.1.0\u7248\u672c\u5b58\u5728\u672c\u5730\u63d0\u6743\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u5141\u8bb8\u8bbf\u95eeApache Axis AdminService\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u670d\u52a1\u5668\u4e2d\u5b89\u88c5\u4efb\u610f.jsp\u6587\u4ef6\u3002",
  "discovererName": "rgod",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://support.lenovo.com/us/en/product_security/len_2015_074",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-07514",
  "openTime": "2015-11-13",
  "patchDescription": "Lenovo Switch Center\uff08\u524d\u79f0IBM System Networking Switch Center\uff09\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u6765\u8fdc\u7a0b\u76d1\u63a7\u548c\u7ba1\u7406\u4ee5\u592a\u7f51\u878d\u5408\u4ea4\u6362\u673a\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\nIBM System Networking Switch Center 7.1.3.4\u53ca\u4e4b\u524d\u7248\u672c\u548cLenovo Switch Center 8.1.1.0\u7248\u672c\u5b58\u5728\u672c\u5730\u63d0\u6743\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u5141\u8bb8\u8bbf\u95eeApache Axis AdminService\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u670d\u52a1\u5668\u4e2d\u5b89\u88c5\u4efb\u610f.jsp\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Lenovo Switch Center\u672c\u5730\u63d0\u6743\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM System Networking Switch Center \u003c=7.3.1.4",
      "Lenovo Switch Center 8.1.1.0"
    ]
  },
  "referenceLink": "http://www.zerodayinitiative.com/advisories/ZDI-15-551",
  "serverity": "\u9ad8",
  "submitTime": "2015-11-12",
  "title": "Lenovo Switch Center\u672c\u5730\u63d0\u6743\u6f0f\u6d1e"
}

GSD-2015-7818

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-7818

Aliases

CVE-2015-7818

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-7818",
    "description": "The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.",
    "id": "GSD-2015-7818"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-7818"
      ],
      "details": "The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.",
      "id": "GSD-2015-7818",
      "modified": "2023-12-13T01:20:01.159642Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-7818",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-551/",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-551/"
          },
          {
            "name": "https://support.lenovo.com/us/en/product_security/len_2015_074",
            "refsource": "CONFIRM",
            "url": "https://support.lenovo.com/us/en/product_security/len_2015_074"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:system_networking_switch_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.3.1.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:switch_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7818"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/product_security/len_2015_074",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/len_2015_074"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-551/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-551/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2015-11-12T19:04Z",
      "publishedDate": "2015-11-12T03:59Z"
    }
  }
}

VAR-201511-0264

Vulnerability from variot - Updated: 2025-04-13 23:23

The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file. Authentication is not required to exploit this vulnerability.The specific flaw exists within the IBM SNSC Web Service, which listens by default on ports 40080 (HTTP) or 40443 (HTTPS) for requests to the administration panel. An attacker can leverage this access to install arbitrary .jsp files on the server, which will by default run under the context of SYSTEM. A local attacker can exploit this vulnerability to gain elevated privileges. The following products are affected: IBM System Networking Switch Center 7.1.3.4 and prior Lenovo Switch Center 8.1.1.0 and prior

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ibm",
        "version": "7.3.1.4"
      },
      {
        "_id": null,
        "model": "switch center",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "8.1.1.0"
      },
      {
        "_id": null,
        "model": "switch center",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "lenovo",
        "version": "8.1.1.0"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.3.1.5"
      },
      {
        "_id": null,
        "model": "switch center",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": "8.1.2.0"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": null,
        "trust": 0.7,
        "vendor": "ibm",
        "version": null
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.11"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.111"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.110"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.32"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.31"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.1.2"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.4"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.0"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.0"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.0"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "_id": null,
        "model": "switch center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "8.1.2.0"
      },
      {
        "_id": null,
        "model": "system networking switch center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.1.5"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-551"
      },
      {
        "db": "BID",
        "id": "77548"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-168"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7818"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ibm:system_networking_switch_center",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:lenovo:switch_center",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005919"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-551"
      },
      {
        "db": "BID",
        "id": "77548"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-168"
      }
    ],
    "trust": 1.6
  },
  "cve": "CVE-2015-7818",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2015-7818",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 2.5,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-85779",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-7818",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-7818",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2015-7818",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201511-168",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85779",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-551"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85779"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-168"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7818"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file. Authentication is not required to exploit this vulnerability.The specific flaw exists within the IBM SNSC Web Service, which listens by default on ports 40080 (HTTP) or 40443 (HTTPS) for requests to the administration panel. An attacker can leverage this access to install arbitrary .jsp files on the server, which will by default run under the context of SYSTEM. \nA local attacker can exploit this vulnerability to gain elevated privileges. \nThe following products are affected:\nIBM System Networking Switch Center 7.1.3.4 and prior\nLenovo Switch Center 8.1.1.0 and prior",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7818"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-551"
      },
      {
        "db": "BID",
        "id": "77548"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85779"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7818",
        "trust": 3.5
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-551",
        "trust": 3.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005919",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-3008",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-168",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "77548",
        "trust": 0.4
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-89737",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-85779",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-551"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85779"
      },
      {
        "db": "BID",
        "id": "77548"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-168"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7818"
      }
    ]
  },
  "id": "VAR-201511-0264",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85779"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-13T23:23:42.522000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "LEN-2015-074",
        "trust": 0.8,
        "url": "https://support.lenovo.com/jp/ja/product_security/len_2015_074"
      },
      {
        "title": "IBM has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://support.lenovo.com/us/en/product_security/len_2015_074"
      },
      {
        "title": "Lenovo Switch Center Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58662"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-551"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-168"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85779"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005919"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7818"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.8,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-551/"
      },
      {
        "trust": 2.7,
        "url": "https://support.lenovo.com/us/en/product_security/len_2015_074"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7818"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7818"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-551"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85779"
      },
      {
        "db": "BID",
        "id": "77548"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-168"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7818"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-15-551",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-85779",
        "ident": null
      },
      {
        "db": "BID",
        "id": "77548",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005919",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-168",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7818",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2015-11-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-551",
        "ident": null
      },
      {
        "date": "2015-11-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85779",
        "ident": null
      },
      {
        "date": "2015-11-10T00:00:00",
        "db": "BID",
        "id": "77548",
        "ident": null
      },
      {
        "date": "2015-11-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005919",
        "ident": null
      },
      {
        "date": "2015-11-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-168",
        "ident": null
      },
      {
        "date": "2015-11-12T03:59:06.500000",
        "db": "NVD",
        "id": "CVE-2015-7818",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2015-11-10T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-551",
        "ident": null
      },
      {
        "date": "2015-11-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85779",
        "ident": null
      },
      {
        "date": "2015-11-10T00:00:00",
        "db": "BID",
        "id": "77548",
        "ident": null
      },
      {
        "date": "2015-11-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005919",
        "ident": null
      },
      {
        "date": "2015-11-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-168",
        "ident": null
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2015-7818",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "77548"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-168"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "_id": null,
    "data": "IBM System Networking Switch Center and  Lenovo Switch Center In  SYSTEM Any at authority  JSP Code execution vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005919"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-168"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2015-7818

Vulnerability from fkie_nvd - Published: 2015-11-12 03:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-15-551/
cve@mitre.org	https://support.lenovo.com/us/en/product_security/len_2015_074	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-15-551/
af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/us/en/product_security/len_2015_074	Vendor Advisory

Impacted products

	Vendor	Product	Version
	ibm	system_networking_switch_center	*
	lenovo	switch_center	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:system_networking_switch_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F78E25E-A371-486B-A7A4-C82F806266ED",
              "versionEndIncluding": "7.3.1.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:lenovo:switch_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B2AC6A9-DF5D-451C-83F6-BE2066527F30",
              "versionEndIncluding": "8.1.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file."
    },
    {
      "lang": "es",
      "value": "El servicio web administration-panel en IBM System Networking Switch Center (SNSC) en versiones anteriores a 7.3.1.5 y Lenovo Switch Center en versiones anteriores a 8.1.2.0 permite a usuarios locales ejecutar c\u00f3digo JSP arbitrario con privilegios SYSTEM usando el m\u00e9todo de lanzamiento Apache Axis AdminService para instalar un archivo .jsp."
    }
  ],
  "id": "CVE-2015-7818",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-11-12T03:59:06.500",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-551/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/len_2015_074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-551/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/len_2015_074"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-Q752-6C9F-VMMC

Vulnerability from github – Published: 2022-05-17 04:02 – Updated: 2025-04-12 12:54

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-7818"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-11-12T03:59:00Z",
    "severity": "HIGH"
  },
  "details": "The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.",
  "id": "GHSA-q752-6c9f-vmmc",
  "modified": "2025-04-12T12:54:02Z",
  "published": "2022-05-17T04:02:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7818"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/len_2015_074"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-551"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-7818 (GCVE-0-2015-7818)

CNVD-2015-07514

GSD-2015-7818

VAR-201511-0264

FKIE_CVE-2015-7818

GHSA-Q752-6C9F-VMMC

Tags

Sightings

Nomenclature