CVE-2015-7454
Summary
| CVE | CVE-2015-7454 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-03-21 14:59:00 UTC |
| Updated | 2016-12-03 03:12:00 UTC |
| Description | Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | IBM | Business Process Manager | 7.5.0.0 | All | All | All |
| Application | IBM | Business Process Manager | 7.5.0.1 | All | All | All |
| Application | IBM | Business Process Manager | 7.5.1.0 | All | All | All |
| Application | IBM | Business Process Manager | 7.5.1.1 | All | All | All |
| Application | IBM | Business Process Manager | 7.5.1.2 | All | All | All |
| Application | IBM | Business Process Manager | 8.0.0.0 | All | All | All |
| Application | IBM | Business Process Manager | 8.0.1.0 | All | All | All |
| Application | IBM | Business Process Manager | 8.0.1.1 | All | All | All |
| Application | IBM | Business Process Manager | 8.0.1.2 | All | All | All |
| Application | IBM | Business Process Manager | 8.0.1.3 | All | All | All |
| Application | IBM | Business Process Manager | 8.5.0.0 | All | All | All |
| Application | IBM | Business Process Manager | 8.5.0.1 | All | All | All |
| Application | IBM | Business Process Manager | 8.5.0.2 | All | All | All |
| Application | IBM | Business Process Manager | 8.5.5.0 | All | All | All |
| Application | IBM | Business Process Manager | 8.5.6.0 | All | All | All |
| Application | IBM | Business Process Manager | 8.5.6.1 | All | All | All |
| Application | IBM | Business Process Manager | 8.5.6.2 | All | All | All |
| Application | IBM | WebSphere Process Server | 6.1.2 | All | All | All |
| Application | IBM | WebSphere Process Server | 6.1.2.1 | All | All | All |
| Application | IBM | WebSphere Process Server | 6.1.2.2 | All | All | All |
| Application | IBM | WebSphere Process Server | 6.1.2.3 | All | All | All |
| Application | IBM | WebSphere Process Server | 6.2 | All | All | All |
| Application | IBM | WebSphere Process Server | 6.2.0.1 | All | All | All |
| Application | IBM | WebSphere Process Server | 6.2.0.2 | All | All | All |
| Application | IBM | WebSphere Process Server | 6.2.0.3 | All | All | All |
| Application | IBM | WebSphere Process Server | 7.0 | All | All | All |
| Application | IBM | WebSphere Process Server | 7.0.0.1 | All | All | All |
| Application | IBM | WebSphere Process Server | 7.0.0.2 | All | All | All |
| Application | IBM | WebSphere Process Server | 7.0.0.3 | All | All | All |
| Application | IBM | WebSphere Process Server | 7.0.0.4 | All | All | All |
| Application | IBM | WebSphere Process Server | 7.0.0.5 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM Business Process Manager Advanced and WebSphere Process Server Security Bypass Vulnerability | BID | www.securityfocus.com | |
| IBM Business Process Manager Bugs Let Remote Authenticated Users Deny Service and Create Pages and Spaces - SecurityTracker | SECTRACK | www.securitytracker.com | |
| IBM JR54678: SECURITY APAR - SECURITY VULNERABILITIES EXIST IN BUSINESS SPACE CVE-2015-7400, CVE-2015-7407, CVE-2015-7454, CVE-2014-8912 - United States | AIXAPAR | www-01.ibm.com | |
| IBM Security Bulletin: Multiple security vulnerabilities in Business Space affect IBM Business Process Manager and WebSphere Process Server (CVE-2015-7407, CVE-2015-7400, CVE-2015-7454) - United States | CONFIRM | www-01.ibm.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.