PT-2015-1677 · IBM · IBM Business Process Manager

Published: 2015-07-21 · Updated: 2017-09-21 · CVE-2015-1905

CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2
IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3
IBM Business Process Manager (BPM) 8.5.0 through 8.5.0.1
IBM Business Process Manager (BPM) 8.5.5 through 8.5.5.0
IBM Business Process Manager (BPM) 8.5.6 through 8.5.6.0
Description

The REST API in IBM Business Process Manager does not correctly enforce its intended access restrictions. A remote, authenticated user can bypass those restrictions via unspecified vectors; the affected endpoints and request details have not been published. The CVSS vector (Au:S, C:N/I:P/A:N) reflects that a valid account is required and that the rated impact is a partial loss of integrity: the attacker can perform actions their role should not permit, with no confidentiality or availability impact rated.
Recommendations

Update to a release outside the affected range for your stream (7.5.x, 8.0.x, 8.5.0, 8.5.5 or 8.5.6), or apply the fix IBM provides for that stream. After patching, confirm the installed version against the ranges above, bearing in mind that an interim fix applied on top of an affected build may not change the reported version string. As a temporary workaround until the fix is applied, restrict access to the REST API: limit which network locations and accounts can reach it, and audit its use, since exploitation requires a valid account.
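To turn the affected-version list above into something an inventory script can use, here is an added example (not code from the advisory or from IBM) that parses an IBM BPM version string and reports whether it falls inside one of the five affected ranges. It assumes that "7.5.x through 7.5.1.2" means every 7.5 build from 7.5.0.0 up to and including 7.5.1.2, and likewise for the other streams; the sample versions in the usage are constructed.

```python
"""Check whether an IBM BPM version falls in an affected range for CVE-2015-1905.

Added example; not part of the advisory or of IBM's software.
"""
from typing import List, Tuple

# Affected ranges as listed in the advisory, written as inclusive bounds.
# Assumption: "x" in a range start means every build of that stream,
# so the lower bound of "7.5.x" is 7.5.0.0, of "8.0.x" is 8.0.0.0.
AFFECTED_RANGES: List[Tuple[str, str]] = [
    ("7.5.0.0", "7.5.1.2"),
    ("8.0.0.0", "8.0.1.3"),
    ("8.5.0.0", "8.5.0.1"),
    ("8.5.5.0", "8.5.5.0"),
    ("8.5.6.0", "8.5.6.0"),
]

Version = Tuple[int, int, int, int]


def parse_version(version: str) -> Version:
    """Parse 'a.b.c.d' into a 4-tuple of ints, padding missing components with 0.

    Rejects anything that is not one to four dot-separated integers, so a
    garbled or truncated version string fails loudly instead of comparing as 0.
    """
    parts = version.strip().split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {version!r}")
    nums = []
    for part in parts:
        if not part.isdigit():
            raise ValueError(f"non-numeric version component in {version!r}")
        nums.append(int(part))
    while len(nums) < 4:
        nums.append(0)
    return (nums[0], nums[1], nums[2], nums[3])


def is_affected(version: str) -> bool:
    """True if the version lies inside any affected range (bounds inclusive)."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)


def triage(versions: List[str]) -> List[Tuple[str, str]]:
    """Classify a list of version strings: 'affected', 'not affected' or 'unparseable'."""
    result = []
    for ver in versions:
        try:
            status = "affected" if is_affected(ver) else "not affected"
        except ValueError:
            status = "unparseable"
        result.append((ver, status))
    return result


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = ["7.5.1.2", "7.5.1.3", "8.0", "8.5.0.2", "8.5.5", "8.5.6.0", "8.5.7", "unknown"]
    for ver, status in triage(sample):
        print(f"{ver:>10}  {status}")
```

A hit from this check means the version string is inside an affected range, not necessarily that the build is exploitable: an interim fix layered on an affected fix pack typically leaves the version unchanged, so treat "affected" as "verify which fixes are installed" rather than as a final verdict.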


Weakness Enumeration

Related Identifiers

BDU:2015-11023
CVE-2015-1905

Affected Products

IBM Business Process Manager