CVE-2015-1961

high

Description

The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call.

References

http://www.securitytracker.com/id/1032972

http://www.securityfocus.com/bid/75536

http://www-01.ibm.com/support/docview.wss?uid=swg21959052

http://www-01.ibm.com/support/docview.wss?uid=swg1JR53356

Details

Source: Mitre, NVD

Published: 2015-07-13

Updated: 2026-05-06

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Severity: High

EPSS

EPSS: 0.00293