ID CVE-2015-0110
Type cve
Reporter cve@mitre.org
Modified 2017-09-26T18:29:00
Description
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.
{"id": "CVE-2015-0110", "bulletinFamily": "NVD", "title": "CVE-2015-0110", "description": "IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.", "published": "2017-09-15T20:29:00", "modified": "2017-09-26T18:29:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0110", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/73274", "https://www-304.ibm.com/support/docview.wss?uid=swg21694940"], "cvelist": ["CVE-2015-0110"], "type": "cve", "lastseen": "2019-05-29T18:14:38", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "2a222b28376276affc971acf681a71cc"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "70ef40c15a70fef4375221d0de52a9fa"}, {"key": "cpe23", "hash": "0f375bc3d78cc8456880770fe09a3948"}, {"key": "cvelist", "hash": "a3a9ca87fee1484cc08cfbe7ded95440"}, {"key": "cvss", "hash": "e1d012862e46f71d2989343c0d39d85d"}, {"key": "cvss2", "hash": "12605110f6b0f681546f76ebbc998db5"}, {"key": "cvss3", "hash": "645af118f57f65d0627bc49b749580f2"}, {"key": "cwe", "hash": "bf65bed5ef164b420c3766cd1a3b85a5"}, {"key": "description", "hash": "dd0c5ec1aa7fd37ea66c339638520081"}, {"key": "href", "hash": "0cd7ec223b0ba9f569f7f294deb95419"}, {"key": "modified", "hash": "3bcc12a95e4e18555fe467ea2e19eba9"}, {"key": "published", "hash": "653db2d6c6eee512733007e87eee68f0"}, {"key": "references", "hash": "ebfa6b83fd1d30f0348df8fe1fe324c7"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "51d5ae0619c47309a396f5c81951e921"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "ab998e0302647f2a55add0ff76ba5a49df587c4afc7940fad4e14cc6901807e9", "viewCount": 0, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2019-05-29T18:14:38"}, "dependencies": {"references": [], "modified": "2019-05-29T18:14:38"}, "vulnersScore": 6.4}, "objectVersion": "1.3", "cpe": ["cpe:/a:ibm:websphere_application_server:7.2.0.1", "cpe:/a:ibm:business_process_manager:8.5.5.0", "cpe:/a:ibm:business_process_manager:7.5.1.0", "cpe:/a:ibm:business_process_manager:8.0.1.2", "cpe:/a:ibm:business_process_manager:8.5.0.0", "cpe:/a:ibm:websphere_application_server:7.2.0.5", "cpe:/a:ibm:business_process_manager:7.5.0.1", "cpe:/a:ibm:business_process_manager:7.5.0.0", "cpe:/a:ibm:business_process_manager:7.5.1.2", "cpe:/a:ibm:business_process_manager:8.0.1.0", "cpe:/a:ibm:business_process_manager:8.0.1.1", "cpe:/a:ibm:websphere_application_server:7.2.0.4", "cpe:/a:ibm:business_process_manager:7.5.1.1", "cpe:/a:ibm:websphere_application_server:7.2.0.2", "cpe:/a:ibm:business_process_manager:8.0.1.3", "cpe:/a:ibm:business_process_manager:8.5.0.1", "cpe:/a:ibm:business_process_manager:8.0.0.0", "cpe:/a:ibm:websphere_application_server:7.2.0.3", "cpe:/a:ibm:websphere_application_server:7.2.0.0"], "affectedSoftware": [{"name": "ibm business_process_manager", "operator": "eq", "version": "8.0.1.0"}, {"name": "ibm business_process_manager", "operator": "eq", "version": "8.0.0.0"}, {"name": "ibm business_process_manager", "operator": "eq", "version": "8.0.1.1"}, {"name": "ibm websphere_application_server", "operator": "eq", "version": "7.2.0.4"}, {"name": "ibm business_process_manager", "operator": "eq", "version": "8.0.1.3"}, {"name": "ibm business_process_manager", "operator": "eq", "version": "7.5.0.1"}, {"name": "ibm websphere_application_server", "operator": "eq", "version": "7.2.0.2"}, {"name": "ibm business_process_manager", "operator": "eq", "version": "7.5.1.1"}, {"name": "ibm websphere_application_server", "operator": "eq", "version": "7.2.0.5"}, {"name": "ibm websphere_application_server", "operator": "eq", "version": "7.2.0.0"}, {"name": "ibm business_process_manager", "operator": "eq", "version": "7.5.1.0"}, {"name": "ibm business_process_manager", "operator": "eq", "version": "7.5.0.0"}, {"name": "ibm business_process_manager", "operator": "eq", "version": "8.5.5.0"}, {"name": "ibm websphere_application_server", "operator": "eq", "version": "7.2.0.3"}, {"name": "ibm business_process_manager", "operator": "eq", "version": "7.5.1.2"}, {"name": "ibm business_process_manager", "operator": "eq", "version": "8.5.0.1"}, {"name": "ibm business_process_manager", "operator": "eq", "version": "8.0.1.2"}, {"name": "ibm websphere_application_server", "operator": "eq", "version": "7.2.0.1"}, {"name": "ibm business_process_manager", "operator": "eq", "version": "8.5.0.0"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cpe23": ["cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.2.0.5:*:*:*:lombardi:*:*:*", "cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.2.0.1:*:*:*:lombardi:*:*:*", "cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.2.0.2:*:*:*:lombardi:*:*:*", "cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.2.0.0:*:*:*:lombardi:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.2.0.3:*:*:*:lombardi:*:*:*", "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.2.0.4:*:*:*:lombardi:*:*:*", "cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:*:*:*:*"], "cwe": ["CWE-284"]}
{}