CVE-2015-0156
Summary
| CVE | CVE-2015-0156 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-05-25 14:59:00 UTC |
| Updated | 2015-05-27 12:33:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Business Process Manager | 7.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.3 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.3 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.3 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.5.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.5.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.5.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.5.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.6.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.6.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.6.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.6.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.3 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.3 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.3 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.5.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.5.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.5.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.5.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.6.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.6.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.6.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.6.0 | All | All | All |
| Application | Ibm | Websphere | 7.2 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.1 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.2 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.3 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.4 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.5 | All | All | All |
| Application | Ibm | Websphere | 7.2 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.1 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.2 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.3 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.4 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.5 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM IT06812: SECURITY APAR - CVE-2015-0156 - CROSS SITE SCRIPTING VULNERABILITY IN PROCESS ADMIN CONSOLE - United States | AIXAPAR | www-01.ibm.com | Patch, Vendor Advisory |
| IBM JR52420: SECURITY APAR - CVE-2015-0156 - CROSS SITE SCRIPTING VULNERABILITY IN PROCESS ADMIN CONSOLE - United States | AIXAPAR | www-01.ibm.com | Patch, Vendor Advisory |
| IBM Security Bulletin: Persistent cross-site scripting vulnerability in Process Admin Console affecting IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) CVE-2015-0156 - United States | CONFIRM | www-01.ibm.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.