Lucene search

[email protected]CVE-2015-1904

HistoryAug 01, 2015 - 1:59 a.m.

CVE-2015-1904

2015-08-0101:59:10

CWE-264

[email protected]

web.nvd.nist.gov

ibm bpm

cve-2015-1904

security vulnerability

document-access restrictions

ecm integration

8.7 High

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

41.2%

JSON

IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action.

Affected configurations

NVD

Node

ibmbusiness_process_managerMatch8.0.0.0advanced

ibmbusiness_process_managerMatch8.0.0.0express

ibmbusiness_process_managerMatch8.0.0.0standard

ibmbusiness_process_managerMatch8.0.1.0advanced

ibmbusiness_process_managerMatch8.0.1.0express

ibmbusiness_process_managerMatch8.0.1.0standard

ibmbusiness_process_managerMatch8.0.1.1advanced

ibmbusiness_process_managerMatch8.0.1.1express

ibmbusiness_process_managerMatch8.0.1.1standard

ibmbusiness_process_managerMatch8.0.1.2advanced

ibmbusiness_process_managerMatch8.0.1.2express

ibmbusiness_process_managerMatch8.0.1.2standard

ibmbusiness_process_managerMatch8.0.1.3advanced

ibmbusiness_process_managerMatch8.0.1.3express

ibmbusiness_process_managerMatch8.0.1.3standard

ibmbusiness_process_managerMatch8.5.0.0advanced

ibmbusiness_process_managerMatch8.5.0.0express

ibmbusiness_process_managerMatch8.5.0.0standard

ibmbusiness_process_managerMatch8.5.0.1advanced

ibmbusiness_process_managerMatch8.5.0.1express

ibmbusiness_process_managerMatch8.5.0.1standard

ibmbusiness_process_managerMatch8.5.5.0advanced

ibmbusiness_process_managerMatch8.5.5.0express

ibmbusiness_process_managerMatch8.5.5.0standard

ibmbusiness_process_managerMatch8.5.6.0advanced

ibmbusiness_process_managerMatch8.5.6.0express

ibmbusiness_process_managerMatch8.5.6.0standard

CPENameOperatorVersion
ibm:business_process_manageribm business process managereq8.0.0.0
ibm:business_process_manageribm business process managereq8.0.1.0
ibm:business_process_manageribm business process managereq8.0.1.1
ibm:business_process_manageribm business process managereq8.0.1.2
ibm:business_process_manageribm business process managereq8.0.1.3
ibm:business_process_manageribm business process managereq8.5.0.0
ibm:business_process_manageribm business process managereq8.5.0.1
ibm:business_process_manageribm business process managereq8.5.5.0
ibm:business_process_manageribm business process managereq8.5.6.0

CPE	Name	Operator	Version
ibm:business_process_manager	ibm business process manager	eq	8.0.0.0
ibm:business_process_manager	ibm business process manager	eq	8.0.1.0
ibm:business_process_manager	ibm business process manager	eq	8.0.1.1
ibm:business_process_manager	ibm business process manager	eq	8.0.1.2
ibm:business_process_manager	ibm business process manager	eq	8.0.1.3
ibm:business_process_manager	ibm business process manager	eq	8.5.0.0
ibm:business_process_manager	ibm business process manager	eq	8.5.0.1
ibm:business_process_manager	ibm business process manager	eq	8.5.5.0
ibm:business_process_manager	ibm business process manager	eq	8.5.6.0