CVE-2015-7454

4.3MEDIUM

Key Information:

Vendor
IBM
Status
Websphere Process Server
Vendor
CVE Published:
21 March 2016

Summary

Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors.

References

http://www.securitytracker.com/id/1035319
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/85089
vdb-entryx_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg1JR54678
vendor-advisoryx_refsource_AIXAPAR

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.