CVE-2015-7441

Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
ibmbusiness_process_manager
7.5.0.0
ibmbusiness_process_manager
7.5.0.0
ibmbusiness_process_manager
7.5.0.0
ibmbusiness_process_manager
7.5.0.1
ibmbusiness_process_manager
7.5.0.1
ibmbusiness_process_manager
7.5.0.1
ibmbusiness_process_manager
7.5.0.1
ibmbusiness_process_manager
7.5.1.0
ibmbusiness_process_manager
7.5.1.0
ibmbusiness_process_manager
7.5.1.0
ibmbusiness_process_manager
7.5.1.0
ibmbusiness_process_manager
7.5.1.1
ibmbusiness_process_manager
7.5.1.1
ibmbusiness_process_manager
7.5.1.1
ibmbusiness_process_manager
7.5.1.1
ibmbusiness_process_manager
7.5.1.2
ibmbusiness_process_manager
7.5.1.2
ibmbusiness_process_manager
7.5.1.2
ibmbusiness_process_manager
7.5.1.2
ibmbusiness_process_manager
8.0.0.0
ibmbusiness_process_manager
8.0.0.0
ibmbusiness_process_manager
8.0.0.0
ibmbusiness_process_manager
8.0.0.0
ibmbusiness_process_manager
8.0.1.0
ibmbusiness_process_manager
8.0.1.0
ibmbusiness_process_manager
8.0.1.0
ibmbusiness_process_manager
8.0.1.0
ibmbusiness_process_manager
8.0.1.1
ibmbusiness_process_manager
8.0.1.1
ibmbusiness_process_manager
8.0.1.1
ibmbusiness_process_manager
8.0.1.1
ibmbusiness_process_manager
8.0.1.2
ibmbusiness_process_manager
8.0.1.2
ibmbusiness_process_manager
8.0.1.2
ibmbusiness_process_manager
8.0.1.2
ibmbusiness_process_manager
8.0.1.3
ibmbusiness_process_manager
8.0.1.3
ibmbusiness_process_manager
8.0.1.3
ibmbusiness_process_manager
8.5.0.0
ibmbusiness_process_manager
8.5.0.0
ibmbusiness_process_manager
8.5.0.0
ibmbusiness_process_manager
8.5.0.0
ibmbusiness_process_manager
8.5.0.1
ibmbusiness_process_manager
8.5.0.1
ibmbusiness_process_manager
8.5.0.1
ibmbusiness_process_manager
8.5.0.1
ibmbusiness_process_manager
8.5.5.0
ibmbusiness_process_manager
8.5.5.0
ibmbusiness_process_manager
8.5.5.0
ibmbusiness_process_manager
8.5.5.0
ibmbusiness_process_manager
8.5.6.0
ibmbusiness_process_manager
8.5.6.1
ibmbusiness_process_manager
8.5.6.2
ibmwebsphere_process_server
7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1JR54760
http://www.securitytracker.com/id/1034531
http://www.securitytracker.com/id/1034532
https://www-01.ibm.com/support/docview.wss?uid=swg21971968
http://www-01.ibm.com/support/docview.wss?uid=swg1JR54760
http://www.securitytracker.com/id/1034531
http://www.securitytracker.com/id/1034532
https://www-01.ibm.com/support/docview.wss?uid=swg21971968