6.5

CVE-2015-0110

IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmBusiness Process Manager Version7.5.0.0
IbmBusiness Process Manager Version7.5.0.1
IbmBusiness Process Manager Version7.5.1.0
IbmBusiness Process Manager Version7.5.1.1
IbmBusiness Process Manager Version7.5.1.2
IbmBusiness Process Manager Version8.0.0.0
IbmBusiness Process Manager Version8.0.1.0
IbmBusiness Process Manager Version8.0.1.1
IbmBusiness Process Manager Version8.0.1.2
IbmBusiness Process Manager Version8.0.1.3
IbmBusiness Process Manager Version8.5.0.0
IbmBusiness Process Manager Version8.5.0.1
IbmBusiness Process Manager Version8.5.5.0
IbmWebsphere Application Server Version7.2.0.0 SwEditionlombardi
IbmWebsphere Application Server Version7.2.0.1 SwEditionlombardi
IbmWebsphere Application Server Version7.2.0.2 SwEditionlombardi
IbmWebsphere Application Server Version7.2.0.3 SwEditionlombardi
IbmWebsphere Application Server Version7.2.0.4 SwEditionlombardi
IbmWebsphere Application Server Version7.2.0.5 SwEditionlombardi
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.228
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.securityfocus.com/bid/73274
Third Party Advisory
VDB Entry