CVE-2015-7454

Name of the Vulnerable Software and Affected Versions IBM WebSphere Process Server versions 6.1.2.0 through 7.0.0.5 IBM Business Process Manager Advanced versions 7.5.x through 7.5.1.2 IBM Business Process Manager Advanced versions 8.0.x through 8.0.1.3 IBM Business Process Manager Advanced versions 8.5.0.x through 8.5.0.2 IBM Business Process Manager Advanced versions 8.5.5.x through 8.5.5.0 IBM Business Process Manager Advanced versions 8.5.6.x through 8.5.6.2

Description The issue is related to insufficient access control in the Business Space component of IBM WebSphere Process Server and Business Process Manager. This allows remote authenticated users to bypass intended access restrictions and create arbitrary pages or spaces.

Recommendations For IBM WebSphere Process Server versions 6.1.2.0 through 7.0.0.5, update to a version outside of this range to resolve the issue. For IBM Business Process Manager Advanced versions 7.5.x through 7.5.1.2, update to a version outside of this range to resolve the issue. For IBM Business Process Manager Advanced versions 8.0.x through 8.0.1.3, update to a version outside of this range to resolve the issue. For IBM Business Process Manager Advanced versions 8.5.0.x through 8.5.0.2, update to a version outside of this range to resolve the issue. For IBM Business Process Manager Advanced versions 8.5.5.x through 8.5.5.0, update to a version outside of this range to resolve the issue. For IBM Business Process Manager Advanced versions 8.5.6.x through 8.5.6.2, update to a version outside of this range to resolve the issue.