Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-7454

Опубликовано: 21 мар. 2016
Источник: nvd
CVSS3: 4.3
CVSS2: 4
EPSS Низкий

Описание

Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:websphere_process_server:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:6.1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:6.1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:6.1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:6.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:6.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:6.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:6.2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:7.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:7.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:7.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:7.0.0.5:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:advanced:*:*:*

EPSS

Процентиль: 37%
0.0016
Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

github логотип

GHSA-x3qv-75j5-j7h2

CVSS3: 4.3
github
больше 3 лет назад

Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors.

fstec логотип

BDU:2016-00904

fstec
почти 10 лет назад

Уязвимость системы автоматизации деятельности предприятия Business Process Manager и сервера бизнес-процессов WebSphere Process Server, позволяющая нарушителю обойти существующие ограничения доступа и создать произвольную страницу

EPSS

Процентиль: 37%
0.0016
Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-264