CVE-2015-0110
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.
| Software | From | Fixed in |
|---|---|---|
| ibm / business_process_manager | 8.5.0.0 | 8.5.0.0.x |
| ibm / business_process_manager | 7.5.0.0 | 7.5.0.0.x |
| ibm / business_process_manager | 8.0.1.0 | 8.0.1.0.x |
| ibm / business_process_manager | 8.0.1.1 | 8.0.1.1.x |
| ibm / business_process_manager | 8.5.5.0 | 8.5.5.0.x |
| ibm / business_process_manager | 8.0.1.3 | 8.0.1.3.x |
| ibm / business_process_manager | 7.5.1.2 | 7.5.1.2.x |
| ibm / business_process_manager | 7.5.1.1 | 7.5.1.1.x |
| ibm / business_process_manager | 8.5.0.1 | 8.5.0.1.x |
| ibm / business_process_manager | 7.5.1.0 | 7.5.1.0.x |
| ibm / business_process_manager | 8.0.0.0 | 8.0.0.0.x |
| ibm / business_process_manager | 8.0.1.2 | 8.0.1.2.x |
| ibm / business_process_manager | 7.5.0.1 | 7.5.0.1.x |
| ibm / websphere_application_server | 7.2.0.3 | 7.2.0.3.x |
| ibm / websphere_application_server | 7.2.0.1 | 7.2.0.1.x |
| ibm / websphere_application_server | 7.2.0.2 | 7.2.0.2.x |
| ibm / websphere_application_server | 7.2.0.5 | 7.2.0.5.x |
| ibm / websphere_application_server | 7.2.0.4 | 7.2.0.4.x |
| ibm / websphere_application_server | 7.2.0.0 | 7.2.0.0.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime