Websphere Process Server
CVE-2015-7454
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors.
AnalysisAI
Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-264. Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors. Affected products include: Ibm Websphere Process Server, Ibm Business Process Manager. Version information: through 7.0.0.5.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Websphere Process Server
View allRemote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerabi
IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x thro
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today