Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-7441

Опубликовано: 01 янв. 2016
Источник: nvd
CVSS3: 6.8
CVSS2: 4.9
EPSS Низкий

Описание

Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 48%
0.00247
Низкий

6.8 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-17

Связанные уязвимости

github логотип

GHSA-rjpq-9c64-924q

CVSS3: 6.8
github
больше 3 лет назад

Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

EPSS

Процентиль: 48%
0.00247
Низкий

6.8 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-17