CVE-2015-7454 — IBM Business Process Manager vulnerability

CWE-2643 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 63.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Business Process Manager IBM Websphere Process Server

Timeline

PublishedMar 21

Latest updateMay 17

Description

Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/business_process_manager17 versions+16

▶NVDibm/websphere_process_server14 versions+13

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-x3qv-75j5-j7h2: Business Space in IBM WebSphere Process Server 6↗2022-05-17

▶

CVEList

CVE-2015-7454: Business Space in IBM WebSphere Process Server 6↗2016-03-21

▶