CVE-2015-1905 — IBM Business Process Manager vulnerability

CWE-2645 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

0.2%

top 56.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Business Process Manager

Timeline

PublishedJul 21

Latest updateMay 17

Description

The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/business_process_manager13 versions+12

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-vvw3-39w2-j999: The REST API in IBM Business Process Manager (BPM) 7↗2022-05-17

▶

CVEList

CVE-2015-1905: The REST API in IBM Business Process Manager (BPM) 7↗2015-07-21

▶

💬Community

Bugzilla

CVE-2015-5220 OOME from EAP 6 http management console↗2015-08-21

▶

Bugzilla

CVE-2015-5178 JBoss AS/WildFly: missing X-Frame-Options header leading to clickjacking↗2015-08-05

▶