CVE-2015-7463Improper Authorization in IBM Business Process Manager

CWE-285Improper Authorization3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 75.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Business Process Manager
Timeline
PublishedMar 15
Latest updateMay 14

Description

IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. IBM X-Force ID: 108393.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

NVDibm/business_process_manager15 versions+14

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-jm9x-9mjr-vr2j: IBM Business Process Manager 72022-05-14
CVEList
CVE-2015-7463: IBM Business Process Manager 72018-03-15
CVE-2015-7463 — Improper Authorization in IBM | cvebase