CVE-2015-7441
Severity: medium
CVSS v3: 6.8
CVSS v2: 4.9
VIR risk: 6.8
Description
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
Predictions
Exploit likelihood: 77%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg1JR54760
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | business_process_manager | 7.5.0.0 | |
| ibm | business_process_manager | 7.5.0.1 | |
| ibm | business_process_manager | 7.5.1.0 | |
| ibm | business_process_manager | 7.5.1.1 | |
| ibm | business_process_manager | 7.5.1.2 | |
| ibm | business_process_manager | 8.0.0.0 | |
| ibm | business_process_manager | 8.0.1.0 | |
| ibm | business_process_manager | 8.0.1.1 | |
| ibm | business_process_manager | 8.0.1.2 | |
| ibm | business_process_manager | 8.0.1.3 | |
| ibm | business_process_manager | 8.5.0.0 | |
| ibm | business_process_manager | 8.5.0.1 | |
| ibm | business_process_manager | 8.5.5.0 | |
| ibm | business_process_manager | 8.5.6.0 | |
| ibm | business_process_manager | 8.5.6.1 | |
| ibm | business_process_manager | 8.5.6.2 | |
| ibm | websphere_process_server | 7.0 | |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR54760
- http://www.securitytracker.com/id/1034531
- http://www.securitytracker.com/id/1034532
- https://www-01.ibm.com/support/docview.wss?uid=swg21971968
CWEs
CWE-17