CVE-2015-1961
IBM Business Process Manager 7.5.x-8.5.6.0 - Authenticated Arbitrary JavaScript Execution via REST API
The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call.
References (4)
Core References
Patch, Vendor Advisory (x_refsource_confirm): http://www-01.ibm.com/support/docview.wss?uid=swg21959052
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1032972
Patch, Vendor Advisory (vendor-advisory, x_refsource_aixapar): http://www-01.ibm.com/support/docview.wss?uid=swg1JR53356
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/75536
Scores
EPSS: 0.0241
EPSS Percentile: 82.1%
Details
CWE: CWE-284
Status: published
Products (13)
ibm/business_process_manager 7.5.0.0 (3 CPE variants)
ibm/business_process_manager 7.5.0.1 (3 CPE variants)
ibm/business_process_manager 7.5.1.0 (3 CPE variants)
ibm/business_process_manager 7.5.1.1 (3 CPE variants)
ibm/business_process_manager 8.0.0.0 (3 CPE variants)
ibm/business_process_manager 8.0.1.0 (3 CPE variants)
ibm/business_process_manager 8.0.1.1 (3 CPE variants)
ibm/business_process_manager 8.0.1.2 (3 CPE variants)
ibm/business_process_manager 8.0.1.3 (3 CPE variants)
ibm/business_process_manager 8.5.0.0 (3 CPE variants)
... and 3 more
Published: Jul 13, 2015
Tracked Since: Feb 18, 2026