Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-1904

Опубликовано: 01 авг. 2015
Источник: nvd
CVSS2: 3.5
EPSS Низкий

Описание

IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:standard:*:*:*

EPSS

Процентиль: 31%
0.00117
Низкий

3.5 Low

CVSS2

Дефекты

CWE-264

Связанные уязвимости

github логотип

GHSA-69gr-h4f7-x89q

github
больше 3 лет назад

IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action.

fstec логотип

BDU:2015-10991

fstec
больше 10 лет назад

Уязвимость системы автоматизации деятельности предприятия Business Process Manager, позволяющая нарушителю обойти ограничения доступа, связанные с загрузкой/скачиванием документов

EPSS

Процентиль: 31%
0.00117
Низкий

3.5 Low

CVSS2

Дефекты

CWE-264