6.5
CVE-2015-0110
- EPSS 0.09%
- Published 15.09.2017 20:29:00
- Last modified 20.04.2025 01:37:25
- Source psirt@us.ibm.com
- Teams watchlist Login
- Open Login
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.
Data is provided by the National Vulnerability Database (NVD)
Ibm ≫ Business Process Manager Version7.5.0.0
Ibm ≫ Business Process Manager Version7.5.0.1
Ibm ≫ Business Process Manager Version7.5.1.0
Ibm ≫ Business Process Manager Version7.5.1.1
Ibm ≫ Business Process Manager Version7.5.1.2
Ibm ≫ Business Process Manager Version8.0.0.0
Ibm ≫ Business Process Manager Version8.0.1.0
Ibm ≫ Business Process Manager Version8.0.1.1
Ibm ≫ Business Process Manager Version8.0.1.2
Ibm ≫ Business Process Manager Version8.0.1.3
Ibm ≫ Business Process Manager Version8.5.0.0
Ibm ≫ Business Process Manager Version8.5.0.1
Ibm ≫ Business Process Manager Version8.5.5.0
Ibm ≫ Websphere Application Server Version7.2.0.0 SwEditionlombardi
Ibm ≫ Websphere Application Server Version7.2.0.1 SwEditionlombardi
Ibm ≫ Websphere Application Server Version7.2.0.2 SwEditionlombardi
Ibm ≫ Websphere Application Server Version7.2.0.3 SwEditionlombardi
Ibm ≫ Websphere Application Server Version7.2.0.4 SwEditionlombardi
Ibm ≫ Websphere Application Server Version7.2.0.5 SwEditionlombardi
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.228 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.