CVE-2015-7818

Published: Nov 12, 2015Modified: May 6, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.

Affected (2)

Products: Ibm: System Networking Switch Center · Lenovo: Switch Center

1 product

System Networking Switch Center

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm System Networking Switch Center	Up to 7.3.1.4

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo Switch Center	Up to 8.1.1.0

Related CWEs

References (4)

http://www.zerodayinitiative.com/advisories/ZDI-15-551/

Source: cve@mitre.org

https://support.lenovo.com/us/en/product_security/len_2015_074

Source: cve@mitre.org

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-15-551/

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.lenovo.com/us/en/product_security/len_2015_074

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.