CVE-2015-0110
First published: Fri Sep 15 2017(Updated: )
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Business Process Manager | =7.5.0.0 | |
| IBM Business Process Manager | =7.5.0.1 | |
| IBM Business Process Manager | =7.5.1.0 | |
| IBM Business Process Manager | =7.5.1.1 | |
| IBM Business Process Manager | =7.5.1.2 | |
| IBM Business Process Manager | =8.0.0.0 | |
| IBM Business Process Manager | =8.0.1.0 | |
| IBM Business Process Manager | =8.0.1.1 | |
| IBM Business Process Manager | =8.0.1.2 | |
| IBM Business Process Manager | =8.0.1.3 | |
| IBM Business Process Manager | =8.5.0.0 | |
| IBM Business Process Manager | =8.5.0.1 | |
| IBM Business Process Manager | =8.5.5.0 | |
| Ibm Websphere Application Server | =7.2.0.0 | |
| Ibm Websphere Application Server | =7.2.0.1 | |
| Ibm Websphere Application Server | =7.2.0.2 | |
| Ibm Websphere Application Server | =7.2.0.3 | |
| Ibm Websphere Application Server | =7.2.0.4 | |
| Ibm Websphere Application Server | =7.2.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0110?
CVE-2015-0110 has a medium severity rating, indicating a moderate risk level for potential exploitation.
How do I fix CVE-2015-0110?
To fix CVE-2015-0110, apply the relevant patches provided by IBM for your version of Business Process Manager or WebSphere Lombardi Edition.
Who can be affected by CVE-2015-0110?
CVE-2015-0110 primarily affects remote authenticated users who can exploit the vulnerability to bypass access restrictions.
What software versions are vulnerable to CVE-2015-0110?
CVE-2015-0110 impacts IBM Business Process Manager versions 7.5.x, 8.0.x, 8.5.x, and WebSphere Lombardi Edition 7.2.x.
What are the potential consequences of CVE-2015-0110 exploitation?
Successful exploitation of CVE-2015-0110 could allow unauthorized access to internal service types, compromising data integrity and security.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/event
- agent/tags
- agent/first-publish-date
- agent/source
- vendor/ibm
- canonical/ibm business process manager
- version/ibm business process manager/7.5.0.0
- version/ibm business process manager/7.5.0.1
- version/ibm business process manager/7.5.1.0
- version/ibm business process manager/7.5.1.1
- version/ibm business process manager/7.5.1.2
- version/ibm business process manager/8.0.0.0
- version/ibm business process manager/8.0.1.0
- version/ibm business process manager/8.0.1.1
- version/ibm business process manager/8.0.1.2
- version/ibm business process manager/8.0.1.3
- version/ibm business process manager/8.5.0.0
- version/ibm business process manager/8.5.0.1
- version/ibm business process manager/8.5.5.0
- canonical/ibm websphere application server
- version/ibm websphere application server/7.2.0.0
- version/ibm websphere application server/7.2.0.1
- version/ibm websphere application server/7.2.0.2
- version/ibm websphere application server/7.2.0.3
- version/ibm websphere application server/7.2.0.4
- version/ibm websphere application server/7.2.0.5