CVE Vulnerabilities

CVE-2015-7441

Published: Jan 01, 2016 | Modified: Dec 07, 2016
CVSS 3.x
6.8
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CVSS 2.x
4.9 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.

Affected Software

Name Vendor Start Version End Version
Business_process_manager Ibm 7.5.0.0 (including) 7.5.0.0 (including)
Business_process_manager Ibm 7.5.0.1 (including) 7.5.0.1 (including)
Business_process_manager Ibm 7.5.1.0 (including) 7.5.1.0 (including)
Business_process_manager Ibm 7.5.1.1 (including) 7.5.1.1 (including)
Business_process_manager Ibm 7.5.1.2 (including) 7.5.1.2 (including)
Business_process_manager Ibm 8.0.0.0 (including) 8.0.0.0 (including)
Business_process_manager Ibm 8.0.1.0 (including) 8.0.1.0 (including)
Business_process_manager Ibm 8.0.1.1 (including) 8.0.1.1 (including)
Business_process_manager Ibm 8.0.1.2 (including) 8.0.1.2 (including)
Business_process_manager Ibm 8.0.1.3 (including) 8.0.1.3 (including)
Business_process_manager Ibm 8.5.0.0 (including) 8.5.0.0 (including)
Business_process_manager Ibm 8.5.0.1 (including) 8.5.0.1 (including)
Business_process_manager Ibm 8.5.5.0 (including) 8.5.5.0 (including)
Business_process_manager Ibm 8.5.6.0 (including) 8.5.6.0 (including)
Business_process_manager Ibm 8.5.6.1 (including) 8.5.6.1 (including)
Business_process_manager Ibm 8.5.6.2 (including) 8.5.6.2 (including)
Websphere_process_server Ibm 7.0 (including) 7.0 (including)

References