VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 8, 2015· Updated May 6, 2026

CVE-2015-4963

CVE-2015-4963

Description

IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors.

Affected products

26
  • IBM/Security Access Manager For Web26 versions
    cpe:2.3:a:ibm:security_access_manager_for_web:7.0:*:*:*:*:*:*:*+ 25 more
    • cpe:2.3:a:ibm:security_access_manager_for_web:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.22:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.31:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.2:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.