Vulnerability Description
IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Business Process Manager | 8.0.0.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR53209 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21960293 (Patch, Vendor Advisory)
- http://www.securitytracker.com/id/1033159
FAQ
What is CVE-2015-1904?
CVE-2015-1904 is a vulnerability with a CVSS score of 3.5 (LOW). IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enab...
How severe is CVE-2015-1904?
CVE-2015-1904 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-1904?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Business Process Manager.