Path Traversal in Ibm Business_process_manager

CVE-2015-1884

Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote a…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.008 (74.3th percentile) — read the EPSS interpretation.

Affected products

Ibm Business_process_manager — versions 7.5.0.0, 7.5.0.1, 7.5.1.0
Ibm Websphere — versions 7.2, 7.2.0.1, 7.2.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

1032700 (vdb-entry, x_refsource_SECTRACK)
JR52957 (vendor-advisory, Patch, x_refsource_AIXAPAR, Vendor Advisory)
1032701 (vdb-entry, x_refsource_SECTRACK)
psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
75360 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)