CVE-2015-7454

MEDIUM

IBM WebSphere Process Server <7.0.0.5 - Auth Bypass

Title source: llm

Description

Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors.

References (4)

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg1JR54678

[Patch, Vendor Advisory] http://www-01.ibm.com/support/docview.wss?uid=swg21972005

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/85089

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035319

Scores

CVSS v3 4.3

EPSS 0.0016

EPSS Percentile 36.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-264

Status draft

Affected Products (31)

ibm/websphere_process_server

ibm/websphere_process_server

ibm/websphere_process_server

ibm/websphere_process_server

ibm/websphere_process_server

ibm/websphere_process_server

ibm/websphere_process_server

ibm/websphere_process_server

ibm/websphere_process_server

ibm/websphere_process_server

ibm/websphere_process_server

ibm/websphere_process_server

ibm/websphere_process_server

ibm/websphere_process_server

ibm/business_process_manager

... and 16 more

Timeline

Published Mar 21, 2016

Tracked Since Feb 18, 2026