Vulnerability Details CVE-2015-7441
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.9%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 4.9
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR54760
- http://www.securitytracker.com/id/1034531
- http://www.securitytracker.com/id/1034532
- https://www-01.ibm.com/support/docview.wss?uid=swg21971968
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR54760
- http://www.securitytracker.com/id/1034531
- http://www.securitytracker.com/id/1034532
- https://www-01.ibm.com/support/docview.wss?uid=swg21971968
Products affected by CVE-2015-7441
-
cpe:2.3:a:ibm:business_process_manager:7.5.0.0
-
cpe:2.3:a:ibm:business_process_manager:7.5.0.1
-
cpe:2.3:a:ibm:business_process_manager:7.5.1.0
-
cpe:2.3:a:ibm:business_process_manager:7.5.1.1
-
cpe:2.3:a:ibm:business_process_manager:7.5.1.2
-
cpe:2.3:a:ibm:business_process_manager:8.0.0.0
-
cpe:2.3:a:ibm:business_process_manager:8.0.1.0
-
cpe:2.3:a:ibm:business_process_manager:8.0.1.1
-
cpe:2.3:a:ibm:business_process_manager:8.0.1.2
-
cpe:2.3:a:ibm:business_process_manager:8.0.1.3
-
cpe:2.3:a:ibm:business_process_manager:8.5.0.0
-
cpe:2.3:a:ibm:business_process_manager:8.5.0.1
-
cpe:2.3:a:ibm:business_process_manager:8.5.5.0
-
cpe:2.3:a:ibm:business_process_manager:8.5.6.0
-
cpe:2.3:a:ibm:business_process_manager:8.5.6.1
-
cpe:2.3:a:ibm:business_process_manager:8.5.6.2
-
cpe:2.3:a:ibm:websphere_process_server:7.0