Lucene search

IbmCVE-2015-1961

HistoryJul 13, 2015 - 4:59 p.m.

CVE-2015-1961

2015-07-1316:59:00

CWE-284

ibm

web.nvd.nist.gov

ibm

bpm

security

vulnerability

cve-2015-1961

api

javascript

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.003

Percentile

70.0%

JSON

The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call.

Affected configurations

Nvd

Node

ibmbusiness_process_managerMatch7.5.0.0advanced

ibmbusiness_process_managerMatch7.5.0.0express

ibmbusiness_process_managerMatch7.5.0.0standard

ibmbusiness_process_managerMatch7.5.0.1advanced

ibmbusiness_process_managerMatch7.5.0.1express

ibmbusiness_process_managerMatch7.5.0.1standard

ibmbusiness_process_managerMatch7.5.1.0advanced

ibmbusiness_process_managerMatch7.5.1.0express

ibmbusiness_process_managerMatch7.5.1.0standard

ibmbusiness_process_managerMatch7.5.1.1advanced

ibmbusiness_process_managerMatch7.5.1.1express

ibmbusiness_process_managerMatch7.5.1.1standard

ibmbusiness_process_managerMatch8.0.0.0advanced

ibmbusiness_process_managerMatch8.0.0.0express

ibmbusiness_process_managerMatch8.0.0.0standard

ibmbusiness_process_managerMatch8.0.1.0advanced

ibmbusiness_process_managerMatch8.0.1.0express

ibmbusiness_process_managerMatch8.0.1.0standard

ibmbusiness_process_managerMatch8.0.1.1advanced

ibmbusiness_process_managerMatch8.0.1.1express

ibmbusiness_process_managerMatch8.0.1.1standard

ibmbusiness_process_managerMatch8.0.1.2advanced

ibmbusiness_process_managerMatch8.0.1.2express

ibmbusiness_process_managerMatch8.0.1.2standard

ibmbusiness_process_managerMatch8.0.1.3advanced

ibmbusiness_process_managerMatch8.0.1.3express

ibmbusiness_process_managerMatch8.0.1.3standard

ibmbusiness_process_managerMatch8.5.0.0advanced

ibmbusiness_process_managerMatch8.5.0.0express

ibmbusiness_process_managerMatch8.5.0.0standard

ibmbusiness_process_managerMatch8.5.0.1advanced

ibmbusiness_process_managerMatch8.5.0.1express

ibmbusiness_process_managerMatch8.5.0.1standard

ibmbusiness_process_managerMatch8.5.5.0advanced

ibmbusiness_process_managerMatch8.5.5.0express

ibmbusiness_process_managerMatch8.5.5.0standard

ibmbusiness_process_managerMatch8.5.6.0advanced

ibmbusiness_process_managerMatch8.5.6.0express

ibmbusiness_process_managerMatch8.5.6.0standard

VendorProductVersionCPE
ibmbusiness_process_manager7.5.0.0cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:advanced:*:*:*
ibmbusiness_process_manager7.5.0.0cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:express:*:*:*
ibmbusiness_process_manager7.5.0.0cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:standard:*:*:*
ibmbusiness_process_manager7.5.0.1cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:advanced:*:*:*
ibmbusiness_process_manager7.5.0.1cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:express:*:*:*
ibmbusiness_process_manager7.5.0.1cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:standard:*:*:*
ibmbusiness_process_manager7.5.1.0cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:advanced:*:*:*
ibmbusiness_process_manager7.5.1.0cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:express:*:*:*
ibmbusiness_process_manager7.5.1.0cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:standard:*:*:*
ibmbusiness_process_manager7.5.1.1cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:advanced:*:*:*

Vendor	Product	Version	CPE
ibm	business_process_manager	7.5.0.0	cpe:2.3:a:ibm:business_process_manager:7.5.0.0::::advanced:::
ibm	business_process_manager	7.5.0.0	cpe:2.3:a:ibm:business_process_manager:7.5.0.0::::express:::
ibm	business_process_manager	7.5.0.0	cpe:2.3:a:ibm:business_process_manager:7.5.0.0::::standard:::
ibm	business_process_manager	7.5.0.1	cpe:2.3:a:ibm:business_process_manager:7.5.0.1::::advanced:::
ibm	business_process_manager	7.5.0.1	cpe:2.3:a:ibm:business_process_manager:7.5.0.1::::express:::
ibm	business_process_manager	7.5.0.1	cpe:2.3:a:ibm:business_process_manager:7.5.0.1::::standard:::
ibm	business_process_manager	7.5.1.0	cpe:2.3:a:ibm:business_process_manager:7.5.1.0::::advanced:::
ibm	business_process_manager	7.5.1.0	cpe:2.3:a:ibm:business_process_manager:7.5.1.0::::express:::
ibm	business_process_manager	7.5.1.0	cpe:2.3:a:ibm:business_process_manager:7.5.1.0::::standard:::
ibm	business_process_manager	7.5.1.1	cpe:2.3:a:ibm:business_process_manager:7.5.1.1::::advanced:::

Rows per page:

1-10 of 391

References

www-01.ibm.com/support/docview.wss?uid=swg1JR53356

www-01.ibm.com/support/docview.wss?uid=swg21959052

www.securityfocus.com/bid/75536

www.securitytracker.com/id/1032972

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.003

Percentile

70.0%

JSON

Related for CVE-2015-1961