First published: Tue Jul 21 2015(Updated: )
The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Business Process Manager | =7.5.0.0 | |
IBM Business Process Manager | =7.5.0.0 | |
IBM Business Process Manager | =7.5.0.0 | |
IBM Business Process Manager | =7.5.0.0 | |
IBM Business Process Manager | =7.5.0.1 | |
IBM Business Process Manager | =7.5.0.1 | |
IBM Business Process Manager | =7.5.0.1 | |
IBM Business Process Manager | =7.5.0.1 | |
IBM Business Process Manager | =7.5.1.0 | |
IBM Business Process Manager | =7.5.1.0 | |
IBM Business Process Manager | =7.5.1.0 | |
IBM Business Process Manager | =7.5.1.0 | |
IBM Business Process Manager | =7.5.1.1 | |
IBM Business Process Manager | =7.5.1.1 | |
IBM Business Process Manager | =7.5.1.1 | |
IBM Business Process Manager | =7.5.1.1 | |
IBM Business Process Manager | =7.5.1.2 | |
IBM Business Process Manager | =7.5.1.2 | |
IBM Business Process Manager | =7.5.1.2 | |
IBM Business Process Manager | =7.5.1.2 | |
IBM Business Process Manager | =8.0.0.0 | |
IBM Business Process Manager | =8.0.0.0 | |
IBM Business Process Manager | =8.0.0.0 | |
IBM Business Process Manager | =8.0.0.0 | |
IBM Business Process Manager | =8.0.1.0 | |
IBM Business Process Manager | =8.0.1.0 | |
IBM Business Process Manager | =8.0.1.0 | |
IBM Business Process Manager | =8.0.1.0 | |
IBM Business Process Manager | =8.0.1.1 | |
IBM Business Process Manager | =8.0.1.1 | |
IBM Business Process Manager | =8.0.1.1 | |
IBM Business Process Manager | =8.0.1.1 | |
IBM Business Process Manager | =8.0.1.2 | |
IBM Business Process Manager | =8.0.1.2 | |
IBM Business Process Manager | =8.0.1.2 | |
IBM Business Process Manager | =8.0.1.2 | |
IBM Business Process Manager | =8.0.1.3 | |
IBM Business Process Manager | =8.0.1.3 | |
IBM Business Process Manager | =8.0.1.3 | |
IBM Business Process Manager | =8.5.0.0 | |
IBM Business Process Manager | =8.5.0.0 | |
IBM Business Process Manager | =8.5.0.0 | |
IBM Business Process Manager | =8.5.0.0 | |
IBM Business Process Manager | =8.5.0.1 | |
IBM Business Process Manager | =8.5.0.1 | |
IBM Business Process Manager | =8.5.0.1 | |
IBM Business Process Manager | =8.5.0.1 | |
IBM Business Process Manager | =8.5.6.0 | |
IBM Business Process Manager | =8.5.6.0 | |
IBM Business Process Manager | =8.5.6.0 | |
IBM Business Process Manager | =8.5.6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-1905 has a medium severity rating due to its potential for unauthorized access by authenticated users.
To mitigate CVE-2015-1905, users should apply the latest IBM Business Process Manager patches that address this vulnerability.
CVE-2015-1905 affects IBM Business Process Manager versions 7.5.x up to 7.5.1.2, 8.0.x up to 8.0.1.3, and 8.5.x up to 8.5.6.0.
CVE-2015-1905 is an access control vulnerability that allows remote authenticated users to bypass security restrictions.
At the time of its disclosure, there were no publicly known exploits for CVE-2015-1905.