CVE-2015-7454

EUVD-2015-7378
Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_process_server
6.1.2
ibmwebsphere_process_server
6.1.2.1
ibmwebsphere_process_server
6.1.2.2
ibmwebsphere_process_server
6.1.2.3
ibmwebsphere_process_server
6.2
ibmwebsphere_process_server
6.2.0.1
ibmwebsphere_process_server
6.2.0.2
ibmwebsphere_process_server
6.2.0.3
ibmwebsphere_process_server
7.0
ibmwebsphere_process_server
7.0.0.1
ibmwebsphere_process_server
7.0.0.2
ibmwebsphere_process_server
7.0.0.3
ibmwebsphere_process_server
7.0.0.4
ibmwebsphere_process_server
7.0.0.5
ibmbusiness_process_manager
7.5.0.0
ibmbusiness_process_manager
7.5.0.1
ibmbusiness_process_manager
7.5.1.0
ibmbusiness_process_manager
7.5.1.1
ibmbusiness_process_manager
7.5.1.2
ibmbusiness_process_manager
8.0.0.0
ibmbusiness_process_manager
8.0.1.0
ibmbusiness_process_manager
8.0.1.1
ibmbusiness_process_manager
8.0.1.2
ibmbusiness_process_manager
8.0.1.3
ibmbusiness_process_manager
8.5.0.0
ibmbusiness_process_manager
8.5.0.1
ibmbusiness_process_manager
8.5.0.2
ibmbusiness_process_manager
8.5.5.0
ibmbusiness_process_manager
8.5.6.0
ibmbusiness_process_manager
8.5.6.1
ibmbusiness_process_manager
8.5.6.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1JR54678
http://www-01.ibm.com/support/docview.wss?uid=swg21972005
http://www.securityfocus.com/bid/85089
http://www.securitytracker.com/id/1035319
http://www-01.ibm.com/support/docview.wss?uid=swg1JR54678
http://www-01.ibm.com/support/docview.wss?uid=swg21972005
http://www.securityfocus.com/bid/85089
http://www.securitytracker.com/id/1035319