CVE-2015-7441

Name of the Vulnerable Software and Affected Versions IBM WebSphere Process Server versions 7 IBM Business Process Manager Advanced versions 7.5 through 7.5.1.2 IBM Business Process Manager Advanced versions 8.0 through 8.0.1.3 IBM Business Process Manager Advanced versions 8.5.0 through 8.5.0.2 IBM Business Process Manager Advanced versions 8.5.5 through 8.5.5.0 IBM Business Process Manager Advanced versions 8.5.6 through 8.5.6.2

Description The issue is related to the Remote Artifact Loader (RAL) in IBM WebSphere Process Server and Business Process Manager Advanced, which does not properly use SSL for its HTTPS connection. This allows remote authenticated users to obtain sensitive information or modify data.

Recommendations For IBM WebSphere Process Server version 7, update the SSL configuration to ensure proper HTTPS connection. For IBM Business Process Manager Advanced versions 7.5 through 7.5.1.2, update the SSL configuration to ensure proper HTTPS connection. For IBM Business Process Manager Advanced versions 8.0 through 8.0.1.3, update the SSL configuration to ensure proper HTTPS connection. For IBM Business Process Manager Advanced versions 8.5.0 through 8.5.0.2, update the SSL configuration to ensure proper HTTPS connection. For IBM Business Process Manager Advanced versions 8.5.5 through 8.5.5.0, update the SSL configuration to ensure proper HTTPS connection. For IBM Business Process Manager Advanced versions 8.5.6 through 8.5.6.2, update the SSL configuration to ensure proper HTTPS connection.