CVE-2015-1884Path Traversal in IBM Business Process Manager

CWE-22Path Traversal3 documents3 sources
Severity
4.0MEDIUMNVD
EPSS
0.8%
top 25.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Business Process ManagerIBM Websphere
Timeline
PublishedJun 28
Latest updateMay 17

Description

Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

NVDibm/business_process_manager13 versions+12
NVDibm/websphere6 versions+5

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-33cg-4pq4-gv4q: Directory traversal vulnerability in IBM Business Process Manager (BPM) 72022-05-17
CVEList
CVE-2015-1884: Directory traversal vulnerability in IBM Business Process Manager (BPM) 72015-06-28
CVE-2015-1884 — Path Traversal in IBM | cvebase