| Title | IBM WebSphere Process Server および Business Process Manager Advanced におけるアクセス制限を回避される脆弱性 |
|---|---|
| Summary | IBM WebSphere Process Server および Business Process Manager Advanced のビジネス・スペースには、アクセス制限を回避され、任意のページまたはスペースを作成される脆弱性が存在します。 |
| Possible impacts | リモート認証されたユーザにより、アクセス制限を回避され、任意のページまたはスペースを作成される可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Sept. 29, 2015, midnight |
| Registration Date | March 22, 2016, 6:03 p.m. |
| Last Update | March 22, 2016, 6:03 p.m. |
| CVSS2.0 : 警告 | |
| Score | 4 |
|---|---|
| Vector | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| IBM |
| IBM Business Process Manager 7.5.1.2 までの 7.5.x |
| IBM Business Process Manager 8.0.1.3 までの 8.0.x |
| IBM Business Process Manager 8.5.0.2 までの 8.5.0.x |
| IBM Business Process Manager 8.5.5.0 までの 8.5.5.x |
| IBM Business Process Manager 8.5.6.2 までの 8.5.6.x |
| IBM WebSphere Process Server 6.1.2.0 から 7.0.0.5 |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2016年03月22日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors. |
|---|---|
| Publication Date | March 21, 2016, 11:59 p.m. |
| Registration Date | Jan. 26, 2021, 2:56 p.m. |
| Last Update | Nov. 21, 2024, 11:36 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:websphere_process_server:6.1.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_process_server:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_process_server:6.2.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_process_server:7.0.0.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_process_server:6.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_process_server:6.1.2.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_process_server:7.0.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_process_server:6.1.2.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_process_server:7.0.0.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_process_server:6.1.2.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_process_server:7.0.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_process_server:6.2.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_process_server:7.0.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_process_server:6.2.0.1:*:*:*:*:*:*:* | |||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:advanced:*:*:* | |||||
| cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:advanced:*:*:* | |||||
| cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:* | |||||
| cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:* | |||||
| cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:advanced:*:*:* | |||||
| cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:advanced:*:*:* | |||||
| cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:advanced:*:*:* | |||||
| cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:advanced:*:*:* | |||||
| cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:advanced:*:*:* | |||||
| cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:advanced:*:*:* | |||||
| cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:advanced:*:*:* | |||||
| cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:* | |||||
| cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:advanced:*:*:* | |||||
| cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:advanced:*:*:* | |||||
| cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:* | |||||
| cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:advanced:*:*:* | |||||
| cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:advanced:*:*:* | |||||