CVE-2015-1904: IBM Business Process Manager vulnerability

CWE-264 | 4 documents | 4 sources
Severity
3.5 LOW (NVD)
EPSS
0.1%
top 69.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 1
Latest update: May 17

Description

IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 6.8 | Impact: 2.9

Affected Packages: 1 package

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-69gr-h4f7-x89q: IBM Business Process Manager (BPM) 8 | 2022-05-17
CVEList
CVE-2015-1904: IBM Business Process Manager (BPM) 8 | 2015-08-01

💬 Community

1
Bugzilla
CVE-2015-5220 OOME from EAP 6 http management console | 2015-08-21