Vulnerability Description
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Business Process Manager | 7.5.0.0 |
| IBM | WebSphere Application Server | 7.2.0.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/73274 (Third Party Advisory, VDB Entry)
- https://www-304.ibm.com/support/docview.wss?uid=swg21694940 (Vendor Advisory)
FAQ
What is CVE-2015-0110?
CVE-2015-0110 is a vulnerability with a CVSS score of 6.5 (MEDIUM). IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal servic...
How severe is CVE-2015-0110?
CVE-2015-0110 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-0110?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Business Process Manager, IBM WebSphere Application Server.