VYPR
Get started
← All advisories
Medium severity6.5NVD Advisory· Published Sep 15, 2017· Updated May 13, 2026

CVE-2015-0110

CVE-2015-0110

Description

IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.

Affected products

19
  • IBM/Business Process Manager13 versions
    cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:*:*:*:*
  • IBM/Websphere Application Server6 versions
    cpe:2.3:a:ibm:websphere_application_server:7.2.0.0:*:*:*:lombardi:*:*:*+ 5 more
    • cpe:2.3:a:ibm:websphere_application_server:7.2.0.0:*:*:*:lombardi:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.2.0.1:*:*:*:lombardi:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.2.0.2:*:*:*:lombardi:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.2.0.3:*:*:*:lombardi:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.2.0.4:*:*:*:lombardi:*:*:*
    • cpe:2.3:a:ibm:websphere_application_server:7.2.0.5:*:*:*:lombardi:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.