CVE-2015-1905

Опубликовано: 21 июл. 2015

Источник: nvd

CVSS2: 4

EPSS Низкий

Описание

The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg1JR52772
Patch
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21700717
Patch
Vendor Advisory
http://www.securityfocus.com/bid/75977
http://www.securitytracker.com/id/1033002
http://www-01.ibm.com/support/docview.wss?uid=swg1JR52772
Patch
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21700717
Patch
Vendor Advisory
http://www.securityfocus.com/bid/75977
http://www.securitytracker.com/id/1033002

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:standard:*:*:*

EPSS

Процентиль: 43%

0.0021

Низкий

4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-vvw3-39w2-j999

github

больше 3 лет назад

BDU:2015-11023

fstec

больше 10 лет назад

Уязвимость системы автоматизации деятельности предприятия Business Process Manager, позволяющая нарушителю обойти существующие ограничения доступа