CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-1904

IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.9%

CVSS Severity

CVSS v2 Score 3.5

References

Products affected by CVE-2015-1904

Ibm » Business Process Manager » Version: 8.0.0.0

cpe:2.3:a:ibm:business_process_manager:8.0.0.0
Ibm » Business Process Manager » Version: 8.0.1.0

cpe:2.3:a:ibm:business_process_manager:8.0.1.0
Ibm » Business Process Manager » Version: 8.0.1.1

cpe:2.3:a:ibm:business_process_manager:8.0.1.1
Ibm » Business Process Manager » Version: 8.0.1.2

cpe:2.3:a:ibm:business_process_manager:8.0.1.2
Ibm » Business Process Manager » Version: 8.0.1.3

cpe:2.3:a:ibm:business_process_manager:8.0.1.3
Ibm » Business Process Manager » Version: 8.5.0.0

cpe:2.3:a:ibm:business_process_manager:8.5.0.0
Ibm » Business Process Manager » Version: 8.5.0.1

cpe:2.3:a:ibm:business_process_manager:8.5.0.1
Ibm » Business Process Manager » Version: 8.5.5.0

cpe:2.3:a:ibm:business_process_manager:8.5.5.0
Ibm » Business Process Manager » Version: 8.5.6.0

cpe:2.3:a:ibm:business_process_manager:8.5.6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-1904

Products

Pricing

Contact Us