Vulnerability Description
The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Business Process Manager | 7.5.0.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR53356PatchVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959052PatchVendor Advisory
- http://www.securityfocus.com/bid/75536
- http://www.securitytracker.com/id/1032972
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR53356PatchVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21959052PatchVendor Advisory
- http://www.securityfocus.com/bid/75536
- http://www.securitytracker.com/id/1032972
FAQ
What is CVE-2015-1961?
CVE-2015-1961 is a vulnerability with a CVSS score of 9.0 (HIGH). The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated use...
How severe is CVE-2015-1961?
CVE-2015-1961 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1961?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Business Process Manager.