Vulnerability Details : CVE-2015-7454
Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors.
Products affected by CVE-2015-7454
- cpe:2.3:a:ibm:websphere_process_server:6.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_process_server:6.1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_process_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_process_server:6.2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_process_server:6.1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_process_server:7.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_process_server:7.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_process_server:6.1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_process_server:7.0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_process_server:7.0.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_process_server:7.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_process_server:6.2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_process_server:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_process_server:6.2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:advanced:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:*
- cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:advanced:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:advanced:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:advanced:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:*
- cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:advanced:*:*:*
- cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:advanced:*:*:*
- cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:advanced:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:advanced:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:*
- cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:advanced:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:advanced:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:advanced:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:advanced:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:advanced:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7454
- 0.11%: Probability of exploitation activity in the next 30 days
- ~44%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7454
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST | |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | NIST | |
CWE ids for CVE-2015-7454
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7454
- http://www.securitytracker.com/id/1035319
  IBM Business Process Manager Bugs Let Remote Authenticated Users Deny Service and Create Pages and Spaces - SecurityTracker
- http://www.securityfocus.com/bid/85089
  IBM Business Process Manager Advanced and WebSphere Process Server Security Bypass Vulnerability
- http://www-01.ibm.com/support/docview.wss?uid=swg21972005
  IBM Security Bulletin: Multiple security vulnerabilities in Business Space affect IBM Business Process Manager and WebSphere Process Server (CVE-2015-7407, CVE-2015-7400, CVE-2015-7454) (Patch; Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR54678
  IBM JR54678: SECURITY APAR - SECURITY VULNERABILITIES EXIST IN BUSINESS SPACE CVE-2015-7400, CVE-2015-7407, CVE-2015-7454, CVE-2014-8912