CVE-2015-0110: Improper Access Control in IBM Business Process Manager

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.1% (top 74.61%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 15
Latest update: May 17

Description

IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

Vulnerability Details (2)

GHSA
GHSA-4c6h-c6cq-h7xp: IBM Business Process Manager (aka BPM) 7 (2022-05-17)
CVEList
CVE-2015-0110: IBM Business Process Manager (aka BPM) 7 (2017-09-15)