CVE-2015-1905

EUVD-2015-2010
The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
ibmbusiness_process_manager
7.5.0.0
ibmbusiness_process_manager
7.5.0.0
ibmbusiness_process_manager
7.5.0.0
ibmbusiness_process_manager
7.5.0.0
ibmbusiness_process_manager
7.5.0.1
ibmbusiness_process_manager
7.5.0.1
ibmbusiness_process_manager
7.5.0.1
ibmbusiness_process_manager
7.5.0.1
ibmbusiness_process_manager
7.5.1.0
ibmbusiness_process_manager
7.5.1.0
ibmbusiness_process_manager
7.5.1.0
ibmbusiness_process_manager
7.5.1.0
ibmbusiness_process_manager
7.5.1.1
ibmbusiness_process_manager
7.5.1.1
ibmbusiness_process_manager
7.5.1.1
ibmbusiness_process_manager
7.5.1.1
ibmbusiness_process_manager
7.5.1.2
ibmbusiness_process_manager
7.5.1.2
ibmbusiness_process_manager
7.5.1.2
ibmbusiness_process_manager
7.5.1.2
ibmbusiness_process_manager
8.0.0.0
ibmbusiness_process_manager
8.0.0.0
ibmbusiness_process_manager
8.0.0.0
ibmbusiness_process_manager
8.0.0.0
ibmbusiness_process_manager
8.0.1.0
ibmbusiness_process_manager
8.0.1.0
ibmbusiness_process_manager
8.0.1.0
ibmbusiness_process_manager
8.0.1.0
ibmbusiness_process_manager
8.0.1.1
ibmbusiness_process_manager
8.0.1.1
ibmbusiness_process_manager
8.0.1.1
ibmbusiness_process_manager
8.0.1.1
ibmbusiness_process_manager
8.0.1.2
ibmbusiness_process_manager
8.0.1.2
ibmbusiness_process_manager
8.0.1.2
ibmbusiness_process_manager
8.0.1.2
ibmbusiness_process_manager
8.0.1.3
ibmbusiness_process_manager
8.0.1.3
ibmbusiness_process_manager
8.0.1.3
ibmbusiness_process_manager
8.5.0.0
ibmbusiness_process_manager
8.5.0.0
ibmbusiness_process_manager
8.5.0.0
ibmbusiness_process_manager
8.5.0.0
ibmbusiness_process_manager
8.5.0.1
ibmbusiness_process_manager
8.5.0.1
ibmbusiness_process_manager
8.5.0.1
ibmbusiness_process_manager
8.5.0.1
ibmbusiness_process_manager
8.5.6.0
ibmbusiness_process_manager
8.5.6.0
ibmbusiness_process_manager
8.5.6.0
ibmbusiness_process_manager
8.5.6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1JR52772
http://www-01.ibm.com/support/docview.wss?uid=swg21700717
http://www.securityfocus.com/bid/75977
http://www.securitytracker.com/id/1033002
http://www-01.ibm.com/support/docview.wss?uid=swg1JR52772
http://www-01.ibm.com/support/docview.wss?uid=swg21700717
http://www.securityfocus.com/bid/75977
http://www.securitytracker.com/id/1033002