Lucene search

[email protected]CVE-2015-7454

HistoryMar 21, 2016 - 2:59 p.m.

CVE-2015-7454

2016-03-2114:59:00

CWE-264

[email protected]

web.nvd.nist.gov

ibm

websphere

process server

business process manager

remote

authenticated

access restrictions

cve-2015-7454

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

8.1 High

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.5%

JSON

Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors.

CPENameOperatorVersion
ibm:websphere_process_serveribm websphere process servereq6.1.2
ibm:websphere_process_serveribm websphere process servereq7.0
ibm:websphere_process_serveribm websphere process servereq6.2.0.3
ibm:websphere_process_serveribm websphere process servereq7.0.0.4
ibm:websphere_process_serveribm websphere process servereq6.2
ibm:websphere_process_serveribm websphere process servereq6.1.2.2
ibm:websphere_process_serveribm websphere process servereq7.0.0.2
ibm:websphere_process_serveribm websphere process servereq6.1.2.1
ibm:websphere_process_serveribm websphere process servereq7.0.0.5
ibm:websphere_process_serveribm websphere process servereq6.1.2.3

CPE	Name	Operator	Version
ibm:websphere_process_server	ibm websphere process server	eq	6.1.2
ibm:websphere_process_server	ibm websphere process server	eq	7.0
ibm:websphere_process_server	ibm websphere process server	eq	6.2.0.3
ibm:websphere_process_server	ibm websphere process server	eq	7.0.0.4
ibm:websphere_process_server	ibm websphere process server	eq	6.2
ibm:websphere_process_server	ibm websphere process server	eq	6.1.2.2
ibm:websphere_process_server	ibm websphere process server	eq	7.0.0.2
ibm:websphere_process_server	ibm websphere process server	eq	6.1.2.1
ibm:websphere_process_server	ibm websphere process server	eq	7.0.0.5
ibm:websphere_process_server	ibm websphere process server	eq	6.1.2.3

Rows per page:

1-10 of 311

References

www-01.ibm.com/support/docview.wss?uid=swg1JR54678

www-01.ibm.com/support/docview.wss?uid=swg21972005

www.securityfocus.com/bid/85089

www.securitytracker.com/id/1035319

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

8.1 High

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.5%

JSON

Related for CVE-2015-7454

prion1 ibm5