CVE-2015-7820

Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:lenovo:switch_center:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:ibm:system_networking_switch_center:*:*:*:*:*:*:*:*

Information

Published : 2015-11-11 19:59

Updated : 2015-11-12 10:46


NVD link : CVE-2015-7820

Mitre link : CVE-2015-7820


JSON object : View

CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Advertisement

dedicated server usa

Products Affected

ibm

  • system_networking_switch_center

lenovo

  • switch_center