CVE-2015-1884
Summary
| CVE | CVE-2015-1884 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-06-28 14:59:00 UTC |
| Updated | 2016-12-28 02:59:00 UTC |
| Description | Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Business Process Manager | 7.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.3 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.3 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.3 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.5.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.5.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.5.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.5.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 7.5.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.2 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.3 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.3 | All | All | All |
| Application | Ibm | Business Process Manager | 8.0.1.3 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.1 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.5.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.5.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.5.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.5.0 | All | All | All |
| Application | Ibm | Websphere | 7.2 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.1 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.2 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.3 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.4 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.5 | All | All | All |
| Application | Ibm | Websphere | 7.2 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.1 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.2 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.3 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.4 | All | All | All |
| Application | Ibm | Websphere | 7.2.0.5 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM Security Bulletin: File path traversal vulnerability in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) (CVE-2015-1884) - United States | CONFIRM | www-01.ibm.com | Patch, Vendor Advisory |
| IBM JR52957: SECURITY APAR - CVE-2015-1884 - FILE PATH TRAVERSAL VULNERABILITY IN COACH FRAMEWORK - United States | AIXAPAR | www-01.ibm.com | Patch, Vendor Advisory |
| IBM Business Process Manager and WebSphere Lombardi Edition Directory Traversal Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| IBM Business Process Manager Input Validation Flaw Lets Remote Authenticated Users Traverse the Directory - SecurityTracker | SECTRACK | www.securitytracker.com | |
| IBM WebSphere Lombardi Edition Input Validation Flaw Lets Remote Authenticated Users Traverse the Directory - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.