Vulnerability Details CVE-2015-1884
Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.029
EPSS Ranking 85.2%
CVSS Severity
CVSS v2 Score 4.0
Products affected by CVE-2015-1884
-
cpe:2.3:a:ibm:business_process_manager:7.5.0.0
-
cpe:2.3:a:ibm:business_process_manager:7.5.0.1
-
cpe:2.3:a:ibm:business_process_manager:7.5.1.0
-
cpe:2.3:a:ibm:business_process_manager:7.5.1.1
-
cpe:2.3:a:ibm:business_process_manager:7.5.1.2
-
cpe:2.3:a:ibm:business_process_manager:8.0.0.0
-
cpe:2.3:a:ibm:business_process_manager:8.0.1.0
-
cpe:2.3:a:ibm:business_process_manager:8.0.1.1
-
cpe:2.3:a:ibm:business_process_manager:8.0.1.2
-
cpe:2.3:a:ibm:business_process_manager:8.0.1.3
-
cpe:2.3:a:ibm:business_process_manager:8.5.0.0
-
cpe:2.3:a:ibm:business_process_manager:8.5.0.1
-
cpe:2.3:a:ibm:business_process_manager:8.5.5.0
-
cpe:2.3:a:ibm:websphere:7.2
-
cpe:2.3:a:ibm:websphere:7.2.0.1
-
cpe:2.3:a:ibm:websphere:7.2.0.2
-
cpe:2.3:a:ibm:websphere:7.2.0.3
-
cpe:2.3:a:ibm:websphere:7.2.0.4
-
cpe:2.3:a:ibm:websphere:7.2.0.5