3.5

CVE-2015-1904

IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmBusiness Process Manager Version8.0.0.0 SwEditionadvanced
IbmBusiness Process Manager Version8.0.0.0 SwEditionexpress
IbmBusiness Process Manager Version8.0.0.0 SwEditionstandard
IbmBusiness Process Manager Version8.0.1.0 SwEditionadvanced
IbmBusiness Process Manager Version8.0.1.0 SwEditionexpress
IbmBusiness Process Manager Version8.0.1.0 SwEditionstandard
IbmBusiness Process Manager Version8.0.1.1 SwEditionadvanced
IbmBusiness Process Manager Version8.0.1.1 SwEditionexpress
IbmBusiness Process Manager Version8.0.1.1 SwEditionstandard
IbmBusiness Process Manager Version8.0.1.2 SwEditionadvanced
IbmBusiness Process Manager Version8.0.1.2 SwEditionexpress
IbmBusiness Process Manager Version8.0.1.2 SwEditionstandard
IbmBusiness Process Manager Version8.0.1.3 SwEditionadvanced
IbmBusiness Process Manager Version8.0.1.3 SwEditionexpress
IbmBusiness Process Manager Version8.0.1.3 SwEditionstandard
IbmBusiness Process Manager Version8.5.0.0 SwEditionadvanced
IbmBusiness Process Manager Version8.5.0.0 SwEditionexpress
IbmBusiness Process Manager Version8.5.0.0 SwEditionstandard
IbmBusiness Process Manager Version8.5.0.1 SwEditionadvanced
IbmBusiness Process Manager Version8.5.0.1 SwEditionexpress
IbmBusiness Process Manager Version8.5.0.1 SwEditionstandard
IbmBusiness Process Manager Version8.5.5.0 SwEditionadvanced
IbmBusiness Process Manager Version8.5.5.0 SwEditionexpress
IbmBusiness Process Manager Version8.5.5.0 SwEditionstandard
IbmBusiness Process Manager Version8.5.6.0 SwEditionadvanced
IbmBusiness Process Manager Version8.5.6.0 SwEditionexpress
IbmBusiness Process Manager Version8.5.6.0 SwEditionstandard
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.43% 0.697
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www-01.ibm.com/support/docview.wss?uid=swg1JR53209
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21960293
Patch
Vendor Advisory
http://www.securitytracker.com/id/1033159