Vulnerability Details CVE-2015-1884
Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.0%
CVSS Severity
CVSS v2 Score 4.0
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR52957
- http://www-01.ibm.com/support/docview.wss?uid=swg21700831
- http://www.securityfocus.com/bid/75360
- http://www.securitytracker.com/id/1032700
- http://www.securitytracker.com/id/1032701
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR52957
- http://www-01.ibm.com/support/docview.wss?uid=swg21700831
- http://www.securityfocus.com/bid/75360
- http://www.securitytracker.com/id/1032700
- http://www.securitytracker.com/id/1032701
Products affected by CVE-2015-1884
-
cpe:2.3:a:ibm:business_process_manager:7.5.0.0
-
cpe:2.3:a:ibm:business_process_manager:7.5.0.1
-
cpe:2.3:a:ibm:business_process_manager:7.5.1.0
-
cpe:2.3:a:ibm:business_process_manager:7.5.1.1
-
cpe:2.3:a:ibm:business_process_manager:7.5.1.2
-
cpe:2.3:a:ibm:business_process_manager:8.0.0.0
-
cpe:2.3:a:ibm:business_process_manager:8.0.1.0
-
cpe:2.3:a:ibm:business_process_manager:8.0.1.1
-
cpe:2.3:a:ibm:business_process_manager:8.0.1.2
-
cpe:2.3:a:ibm:business_process_manager:8.0.1.3
-
cpe:2.3:a:ibm:business_process_manager:8.5.0.0
-
cpe:2.3:a:ibm:business_process_manager:8.5.0.1
-
cpe:2.3:a:ibm:business_process_manager:8.5.5.0
-
cpe:2.3:a:ibm:websphere:7.2
-
cpe:2.3:a:ibm:websphere:7.2.0.1
-
cpe:2.3:a:ibm:websphere:7.2.0.2
-
cpe:2.3:a:ibm:websphere:7.2.0.3
-
cpe:2.3:a:ibm:websphere:7.2.0.4
-
cpe:2.3:a:ibm:websphere:7.2.0.5