Lucene search
HistoryMay 25, 2015 - 2:59 p.m.
CVE-2015-0156
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5.1
Confidence
High
EPSS
0.001
Percentile
35.3%
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Affected configurations
Node
ibmwebsphereMatch7.2lombardi
ORibmwebsphereMatch7.2.0.1lombardi
ORibmwebsphereMatch7.2.0.2lombardi
ORibmwebsphereMatch7.2.0.3lombardi
ORibmwebsphereMatch7.2.0.4lombardi
ORibmwebsphereMatch7.2.0.5lombardi
Node
ibmbusiness_process_managerMatch7.5.0.0
ORibmbusiness_process_managerMatch7.5.0.0advanced
ORibmbusiness_process_managerMatch7.5.0.0express
ORibmbusiness_process_managerMatch7.5.0.0standard
ORibmbusiness_process_managerMatch7.5.0.1
ORibmbusiness_process_managerMatch7.5.0.1advanced
ORibmbusiness_process_managerMatch7.5.0.1express
ORibmbusiness_process_managerMatch7.5.0.1standard
ORibmbusiness_process_managerMatch7.5.1.0
ORibmbusiness_process_managerMatch7.5.1.0advanced
ORibmbusiness_process_managerMatch7.5.1.0express
ORibmbusiness_process_managerMatch7.5.1.0standard
ORibmbusiness_process_managerMatch7.5.1.1
ORibmbusiness_process_managerMatch7.5.1.1advanced
ORibmbusiness_process_managerMatch7.5.1.1express
ORibmbusiness_process_managerMatch7.5.1.1standard
ORibmbusiness_process_managerMatch7.5.1.2
ORibmbusiness_process_managerMatch7.5.1.2advanced
ORibmbusiness_process_managerMatch7.5.1.2express
ORibmbusiness_process_managerMatch7.5.1.2standard
ORibmbusiness_process_managerMatch8.0.0.0
ORibmbusiness_process_managerMatch8.0.0.0advanced
ORibmbusiness_process_managerMatch8.0.0.0express
ORibmbusiness_process_managerMatch8.0.0.0standard
ORibmbusiness_process_managerMatch8.0.1.0
ORibmbusiness_process_managerMatch8.0.1.0advanced
ORibmbusiness_process_managerMatch8.0.1.0express
ORibmbusiness_process_managerMatch8.0.1.0standard
ORibmbusiness_process_managerMatch8.0.1.1
ORibmbusiness_process_managerMatch8.0.1.1advanced
ORibmbusiness_process_managerMatch8.0.1.1express
ORibmbusiness_process_managerMatch8.0.1.1standard
ORibmbusiness_process_managerMatch8.0.1.2
ORibmbusiness_process_managerMatch8.0.1.2advanced
ORibmbusiness_process_managerMatch8.0.1.2express
ORibmbusiness_process_managerMatch8.0.1.2standard
ORibmbusiness_process_managerMatch8.0.1.3advanced
ORibmbusiness_process_managerMatch8.0.1.3express
ORibmbusiness_process_managerMatch8.0.1.3standard
ORibmbusiness_process_managerMatch8.5.0.0
ORibmbusiness_process_managerMatch8.5.0.0advanced
ORibmbusiness_process_managerMatch8.5.0.0express
ORibmbusiness_process_managerMatch8.5.0.0standard
ORibmbusiness_process_managerMatch8.5.0.1
ORibmbusiness_process_managerMatch8.5.0.1advanced
ORibmbusiness_process_managerMatch8.5.0.1express
ORibmbusiness_process_managerMatch8.5.0.1standard
ORibmbusiness_process_managerMatch8.5.5.0
ORibmbusiness_process_managerMatch8.5.5.0advanced
ORibmbusiness_process_managerMatch8.5.5.0express
ORibmbusiness_process_managerMatch8.5.5.0standard
ORibmbusiness_process_managerMatch8.5.6.0
ORibmbusiness_process_managerMatch8.5.6.0advanced
ORibmbusiness_process_managerMatch8.5.6.0express
ORibmbusiness_process_managerMatch8.5.6.0standard
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere | 7.2 | cpe:2.3:a:ibm:websphere:7.2:*:*:*:lombardi:*:*:* |
| ibm | websphere | 7.2.0.1 | cpe:2.3:a:ibm:websphere:7.2.0.1:*:*:*:lombardi:*:*:* |
| ibm | websphere | 7.2.0.2 | cpe:2.3:a:ibm:websphere:7.2.0.2:*:*:*:lombardi:*:*:* |
| ibm | websphere | 7.2.0.3 | cpe:2.3:a:ibm:websphere:7.2.0.3:*:*:*:lombardi:*:*:* |
| ibm | websphere | 7.2.0.4 | cpe:2.3:a:ibm:websphere:7.2.0.4:*:*:*:lombardi:*:*:* |
| ibm | websphere | 7.2.0.5 | cpe:2.3:a:ibm:websphere:7.2.0.5:*:*:*:lombardi:*:*:* |
| ibm | business_process_manager | 7.5.0.0 | cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:*:*:*:* |
| ibm | business_process_manager | 7.5.0.0 | cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:advanced:*:*:* |
| ibm | business_process_manager | 7.5.0.0 | cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:express:*:*:* |
| ibm | business_process_manager | 7.5.0.0 | cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:standard:*:*:* |
Related
cve
cve
CVE-2015-0156
2015-05-25 14:59:09
ibm
ibm
cvelist
cvelist
CVE-2015-0156
2015-05-25 14:00:00
prion
prion
Cross site scripting
2015-05-25 14:59:00
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5.1
Confidence
High
EPSS
0.001
Percentile
35.3%
Related for NVD:CVE-2015-0156