CVE-2015-0110
Low
CVSS Score
Vulnerability Description
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.
Known Affected Software
19 configuration(s) from 1 vendor(s)
- business_process_manager, Version: 8.0.1.0, CPE: cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:standard:*:*:*
- websphere_application_server, Version: 7.2.0.2, CPE: cpe:2.3:a:ibm:websphere_application_server:7.2.0.2:*:*:*:lombardi:*:*:*
- websphere_application_server, Version: 7.2.0.5, CPE: cpe:2.3:a:ibm:websphere_application_server:7.2.0.5:*:*:*:lombardi:*:*:*
- business_process_manager, Version: 8.5.0.0, CPE: cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:-:*:*:*
- business_process_manager, Version: 7.5.0.0, CPE: cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:standard:*:*:*
- business_process_manager, Version: 7.5.1.0, CPE: cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:standard:*:*:*
- business_process_manager, Version: 8.0.1.2, CPE: cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:standard:*:*:*
- business_process_manager, Version: 7.5.1.2, CPE: cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:standard:*:*:*
- websphere_application_server, Version: 7.2.0.3, CPE: cpe:2.3:a:ibm:websphere_application_server:7.2.0.3:*:*:*:lombardi:*:*:*
- business_process_manager, Version: 7.5.1.1, CPE: cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:standard:*:*:*
- websphere_application_server, Version: 7.2.0.1, CPE: cpe:2.3:a:ibm:websphere_application_server:7.2.0.1:*:*:*:lombardi:*:*:*
- business_process_manager, Version: 8.5.0.1, CPE: cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:standard:*:*:*
- business_process_manager, Version: 8.0.0.0, CPE: cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:standard:*:*:*
- websphere_application_server, Version: 7.2.0.4, CPE: cpe:2.3:a:ibm:websphere_application_server:7.2.0.4:*:*:*:lombardi:*:*:*
- business_process_manager, Version: 8.0.1.3, CPE: cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:-:*:*:*
- websphere_application_server, Version: 7.2.0.0, CPE: cpe:2.3:a:ibm:websphere_application_server:7.2.0.0:*:*:*:lombardi:*:*:*
- business_process_manager, Version: 8.0.1.1, CPE: cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:standard:*:*:*
- business_process_manager, Version: 8.5.5.0, CPE: cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:standard:*:*:*
- business_process_manager, Version: 7.5.0.1, CPE: cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:standard:*:*:*
This vulnerability affects 19 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://www.securityfocus.com/bid/73274 (source: psirt@us.ibm.com): Third Party Advisory, VDB Entry
- https://www-304.ibm.com/support/docview.wss?uid=swg21694940 (source: psirt@us.ibm.com): Vendor Advisory
- http://www.securityfocus.com/bid/73274 (source: af854a3a-2127-422b-91ae-364da2661108): Third Party Advisory, VDB Entry
- https://www-304.ibm.com/support/docview.wss?uid=swg21694940 (source: af854a3a-2127-422b-91ae-364da2661108): Vendor Advisory
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-284: Improper Access Control
- Description: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- Typical Severity: Medium
- Abstraction Level: Pillar
Key Information
- Published Date: September 15, 2017
