CVE-2015-1884

Sažetak

Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL.

Reference

http://www.securityfocus.com/bid/75360
http://www.securitytracker.com/id/1032700
http://www.securitytracker.com/id/1032701
http://www-01.ibm.com/support/docview.wss?uid=swg1JR52957
http://www-01.ibm.com/support/docview.wss?uid=swg21700831

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

28-12-2016 - 02:59

Objavljeno

28-06-2015 - 14:59