What is the severity of CVE-2015-7454?

CVE-2015-7454 is rated as a medium severity vulnerability.

How do I fix CVE-2015-7454?

To fix CVE-2015-7454, apply the latest patches provided by IBM for the affected versions of WebSphere Process Server and Business Process Manager.

Which versions are affected by CVE-2015-7454?

CVE-2015-7454 affects IBM WebSphere Process Server versions 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced versions 7.5.x through 8.5.6.2.

What kind of access does CVE-2015-7454 allow attackers?

CVE-2015-7454 allows remote authenticated users to bypass intended access restrictions, potentially leading to unauthorized actions within the application.

Is CVE-2015-7454 a remote or local vulnerability?

CVE-2015-7454 is classified as a remote vulnerability, as it can be exploited by authenticated users accessing the system over the network.

Vulnerability/
CVE-2015-7454

medium

4.3

CWE

264

21/3/2016

6/8/2024

CVE-2015-7454

First published: Mon Mar 21 2016(Updated: )

Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM WebSphere Process Server	=6.1.2
IBM WebSphere Process Server	=6.1.2.1
IBM WebSphere Process Server	=6.1.2.2
IBM WebSphere Process Server	=6.1.2.3
IBM WebSphere Process Server	=6.2
IBM WebSphere Process Server	=6.2.0.1
IBM WebSphere Process Server	=6.2.0.2
IBM WebSphere Process Server	=6.2.0.3
IBM WebSphere Process Server	=7.0
IBM WebSphere Process Server	=7.0.0.1
IBM WebSphere Process Server	=7.0.0.2
IBM WebSphere Process Server	=7.0.0.3
IBM WebSphere Process Server	=7.0.0.4
IBM WebSphere Process Server	=7.0.0.5
IBM Business Process Manager	=7.5.0.0
IBM Business Process Manager	=7.5.0.1
IBM Business Process Manager	=7.5.1.0
IBM Business Process Manager	=7.5.1.1
IBM Business Process Manager	=7.5.1.2
IBM Business Process Manager	=8.0.0.0
IBM Business Process Manager	=8.0.1.0
IBM Business Process Manager	=8.0.1.1
IBM Business Process Manager	=8.0.1.2
IBM Business Process Manager	=8.0.1.3
IBM Business Process Manager	=8.5.0.0
IBM Business Process Manager	=8.5.0.1
IBM Business Process Manager	=8.5.0.2
IBM Business Process Manager	=8.5.5.0
IBM Business Process Manager	=8.5.6.0
IBM Business Process Manager	=8.5.6.1
IBM Business Process Manager	=8.5.6.2

Remedy

http://www-01.ibm.com/support/docview.wss?uid=swg21972005

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-7454?
CVE-2015-7454 is rated as a medium severity vulnerability.
How do I fix CVE-2015-7454?
To fix CVE-2015-7454, apply the latest patches provided by IBM for the affected versions of WebSphere Process Server and Business Process Manager.
Which versions are affected by CVE-2015-7454?
CVE-2015-7454 affects IBM WebSphere Process Server versions 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced versions 7.5.x through 8.5.6.2.
What kind of access does CVE-2015-7454 allow attackers?
CVE-2015-7454 allows remote authenticated users to bypass intended access restrictions, potentially leading to unauthorized actions within the application.
Is CVE-2015-7454 a remote or local vulnerability?
CVE-2015-7454 is classified as a remote vulnerability, as it can be exploited by authenticated users accessing the system over the network.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/severity
agent/remedy
agent/weakness
agent/tags
agent/first-publish-date
agent/event
agent/description
agent/source
vendor/ibm
canonical/ibm websphere process server
version/ibm websphere process server/6.1.2
version/ibm websphere process server/6.1.2.1
version/ibm websphere process server/6.1.2.2
version/ibm websphere process server/6.1.2.3
version/ibm websphere process server/6.2
version/ibm websphere process server/6.2.0.1
version/ibm websphere process server/6.2.0.2
version/ibm websphere process server/6.2.0.3
version/ibm websphere process server/7.0
version/ibm websphere process server/7.0.0.1
version/ibm websphere process server/7.0.0.2
version/ibm websphere process server/7.0.0.3
version/ibm websphere process server/7.0.0.4
version/ibm websphere process server/7.0.0.5
canonical/ibm business process manager
version/ibm business process manager/7.5.0.0
version/ibm business process manager/7.5.0.1
version/ibm business process manager/7.5.1.0
version/ibm business process manager/7.5.1.1
version/ibm business process manager/7.5.1.2
version/ibm business process manager/8.0.0.0
version/ibm business process manager/8.0.1.0
version/ibm business process manager/8.0.1.1
version/ibm business process manager/8.0.1.2
version/ibm business process manager/8.0.1.3
version/ibm business process manager/8.5.0.0
version/ibm business process manager/8.5.0.1
version/ibm business process manager/8.5.0.2
version/ibm business process manager/8.5.5.0
version/ibm business process manager/8.5.6.0
version/ibm business process manager/8.5.6.1
version/ibm business process manager/8.5.6.2

Frequently Asked Questions

What is the severity of CVE-2015-7454?
CVE-2015-7454 is rated as a medium severity vulnerability.
How do I fix CVE-2015-7454?
To fix CVE-2015-7454, apply the latest patches provided by IBM for the affected versions of WebSphere Process Server and Business Process Manager.
Which versions are affected by CVE-2015-7454?
CVE-2015-7454 affects IBM WebSphere Process Server versions 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced versions 7.5.x through 8.5.6.2.
What kind of access does CVE-2015-7454 allow attackers?
CVE-2015-7454 allows remote authenticated users to bypass intended access restrictions, potentially leading to unauthorized actions within the application.
Is CVE-2015-7454 a remote or local vulnerability?
CVE-2015-7454 is classified as a remote vulnerability, as it can be exploited by authenticated users accessing the system over the network.

CVE-2015-7454

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-7454?

How do I fix CVE-2015-7454?

Which versions are affected by CVE-2015-7454?

What kind of access does CVE-2015-7454 allow attackers?

Is CVE-2015-7454 a remote or local vulnerability?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2015-7454?

How do I fix CVE-2015-7454?

Which versions are affected by CVE-2015-7454?

What kind of access does CVE-2015-7454 allow attackers?

Is CVE-2015-7454 a remote or local vulnerability?