Lucene search
HistoryMay 25, 2015 - 2:59 p.m.
CVE-2015-0156
ibm
bpm
wle
xss
vulnerability
remote users
web script
html
crafted url
5.2 Medium
AI Score
Confidence
High
3.5 Low
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
35.2%
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Affected configurations
Node
ibmwebsphereMatch7.2lombardi
ORibmwebsphereMatch7.2.0.1lombardi
ORibmwebsphereMatch7.2.0.2lombardi
ORibmwebsphereMatch7.2.0.3lombardi
ORibmwebsphereMatch7.2.0.4lombardi
ORibmwebsphereMatch7.2.0.5lombardi
Node
ibmbusiness_process_managerMatch7.5.0.0
ORibmbusiness_process_managerMatch7.5.0.0advanced
ORibmbusiness_process_managerMatch7.5.0.0express
ORibmbusiness_process_managerMatch7.5.0.0standard
ORibmbusiness_process_managerMatch7.5.0.1
ORibmbusiness_process_managerMatch7.5.0.1advanced
ORibmbusiness_process_managerMatch7.5.0.1express
ORibmbusiness_process_managerMatch7.5.0.1standard
ORibmbusiness_process_managerMatch7.5.1.0
ORibmbusiness_process_managerMatch7.5.1.0advanced
ORibmbusiness_process_managerMatch7.5.1.0express
ORibmbusiness_process_managerMatch7.5.1.0standard
ORibmbusiness_process_managerMatch7.5.1.1
ORibmbusiness_process_managerMatch7.5.1.1advanced
ORibmbusiness_process_managerMatch7.5.1.1express
ORibmbusiness_process_managerMatch7.5.1.1standard
ORibmbusiness_process_managerMatch7.5.1.2
ORibmbusiness_process_managerMatch7.5.1.2advanced
ORibmbusiness_process_managerMatch7.5.1.2express
ORibmbusiness_process_managerMatch7.5.1.2standard
ORibmbusiness_process_managerMatch8.0.0.0
ORibmbusiness_process_managerMatch8.0.0.0advanced
ORibmbusiness_process_managerMatch8.0.0.0express
ORibmbusiness_process_managerMatch8.0.0.0standard
ORibmbusiness_process_managerMatch8.0.1.0
ORibmbusiness_process_managerMatch8.0.1.0advanced
ORibmbusiness_process_managerMatch8.0.1.0express
ORibmbusiness_process_managerMatch8.0.1.0standard
ORibmbusiness_process_managerMatch8.0.1.1
ORibmbusiness_process_managerMatch8.0.1.1advanced
ORibmbusiness_process_managerMatch8.0.1.1express
ORibmbusiness_process_managerMatch8.0.1.1standard
ORibmbusiness_process_managerMatch8.0.1.2
ORibmbusiness_process_managerMatch8.0.1.2advanced
ORibmbusiness_process_managerMatch8.0.1.2express
ORibmbusiness_process_managerMatch8.0.1.2standard
ORibmbusiness_process_managerMatch8.0.1.3advanced
ORibmbusiness_process_managerMatch8.0.1.3express
ORibmbusiness_process_managerMatch8.0.1.3standard
ORibmbusiness_process_managerMatch8.5.0.0
ORibmbusiness_process_managerMatch8.5.0.0advanced
ORibmbusiness_process_managerMatch8.5.0.0express
ORibmbusiness_process_managerMatch8.5.0.0standard
ORibmbusiness_process_managerMatch8.5.0.1
ORibmbusiness_process_managerMatch8.5.0.1advanced
ORibmbusiness_process_managerMatch8.5.0.1express
ORibmbusiness_process_managerMatch8.5.0.1standard
ORibmbusiness_process_managerMatch8.5.5.0
ORibmbusiness_process_managerMatch8.5.5.0advanced
ORibmbusiness_process_managerMatch8.5.5.0express
ORibmbusiness_process_managerMatch8.5.5.0standard
ORibmbusiness_process_managerMatch8.5.6.0
ORibmbusiness_process_managerMatch8.5.6.0advanced
ORibmbusiness_process_managerMatch8.5.6.0express
ORibmbusiness_process_managerMatch8.5.6.0standard
Related
nvd
nvd
CVE-2015-0156
2015-05-25 14:59:09
cvelist
cvelist
CVE-2015-0156
2015-05-25 14:00:00
ibm
ibm
prion
prion
Cross site scripting
2015-05-25 14:59:00
5.2 Medium
AI Score
Confidence
High
3.5 Low
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
35.2%
Related for CVE-2015-0156