First published: Fri Sep 15 2017(Updated: )
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Business Process Manager | =7.5.0.0 | |
IBM Business Process Manager | =7.5.0.1 | |
IBM Business Process Manager | =7.5.1.0 | |
IBM Business Process Manager | =7.5.1.1 | |
IBM Business Process Manager | =7.5.1.2 | |
IBM Business Process Manager | =8.0.0.0 | |
IBM Business Process Manager | =8.0.1.0 | |
IBM Business Process Manager | =8.0.1.1 | |
IBM Business Process Manager | =8.0.1.2 | |
IBM Business Process Manager | =8.0.1.3 | |
IBM Business Process Manager | =8.5.0.0 | |
IBM Business Process Manager | =8.5.0.1 | |
IBM Business Process Manager | =8.5.5.0 | |
Ibm Websphere Application Server | =7.2.0.0 | |
Ibm Websphere Application Server | =7.2.0.1 | |
Ibm Websphere Application Server | =7.2.0.2 | |
Ibm Websphere Application Server | =7.2.0.3 | |
Ibm Websphere Application Server | =7.2.0.4 | |
Ibm Websphere Application Server | =7.2.0.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.