Lucene search
IbmCVE-2015-4955HistoryOct 03, 2015 - 10:59 p.m.
CVE-2015-4955
2015-10-0322:59:09
CWE-79
ibm
web.nvd.nist.gov
28
cve-2015-4955
xss vulnerability
ibm bpm
web security
injection
nvd
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
6.8
Confidence
Low
EPSS
0.001
Percentile
44.2%
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 before 8.5.6.0 CF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Affected configurations
Node
ibmbusiness_process_managerMatch8.0.0.0
ORibmbusiness_process_managerMatch8.0.0.0advanced
ORibmbusiness_process_managerMatch8.0.0.0express
ORibmbusiness_process_managerMatch8.0.0.0standard
ORibmbusiness_process_managerMatch8.0.1.0
ORibmbusiness_process_managerMatch8.0.1.0advanced
ORibmbusiness_process_managerMatch8.0.1.0express
ORibmbusiness_process_managerMatch8.0.1.0standard
ORibmbusiness_process_managerMatch8.0.1.1
ORibmbusiness_process_managerMatch8.0.1.1advanced
ORibmbusiness_process_managerMatch8.0.1.1express
ORibmbusiness_process_managerMatch8.0.1.1standard
ORibmbusiness_process_managerMatch8.0.1.2
ORibmbusiness_process_managerMatch8.0.1.2advanced
ORibmbusiness_process_managerMatch8.0.1.2express
ORibmbusiness_process_managerMatch8.0.1.2standard
ORibmbusiness_process_managerMatch8.0.1.3advanced
ORibmbusiness_process_managerMatch8.0.1.3express
ORibmbusiness_process_managerMatch8.0.1.3standard
ORibmbusiness_process_managerMatch8.5.0.0
ORibmbusiness_process_managerMatch8.5.0.0advanced
ORibmbusiness_process_managerMatch8.5.0.0express
ORibmbusiness_process_managerMatch8.5.0.0standard
ORibmbusiness_process_managerMatch8.5.0.1
ORibmbusiness_process_managerMatch8.5.0.1advanced
ORibmbusiness_process_managerMatch8.5.0.1express
ORibmbusiness_process_managerMatch8.5.0.1standard
ORibmbusiness_process_managerMatch8.5.5.0
ORibmbusiness_process_managerMatch8.5.5.0advanced
ORibmbusiness_process_managerMatch8.5.5.0express
ORibmbusiness_process_managerMatch8.5.5.0standard
ORibmbusiness_process_managerMatch8.5.6.0
ORibmbusiness_process_managerMatch8.5.6.0advanced
ORibmbusiness_process_managerMatch8.5.6.0express
ORibmbusiness_process_managerMatch8.5.6.0standard
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | business_process_manager | 8.0.0.0 | cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:*:*:*:* |
| ibm | business_process_manager | 8.0.0.0 | cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:advanced:*:*:* |
| ibm | business_process_manager | 8.0.0.0 | cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:express:*:*:* |
| ibm | business_process_manager | 8.0.0.0 | cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:standard:*:*:* |
| ibm | business_process_manager | 8.0.1.0 | cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:*:*:*:* |
| ibm | business_process_manager | 8.0.1.0 | cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:advanced:*:*:* |
| ibm | business_process_manager | 8.0.1.0 | cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:express:*:*:* |
| ibm | business_process_manager | 8.0.1.0 | cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:standard:*:*:* |
| ibm | business_process_manager | 8.0.1.1 | cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:*:*:*:* |
| ibm | business_process_manager | 8.0.1.1 | cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:* |
Related
ibm
ibm
nvd
nvd
CVE-2015-4955
2015-10-03 22:59:09
prion
prion
Cross site scripting
2015-10-03 22:59:00
cvelist
cvelist
CVE-2015-4955
2015-10-03 22:00:00
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
6.8
Confidence
Low
EPSS
0.001
Percentile
44.2%
Related for CVE-2015-4955