IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.
                
            References
                    | Link | Resource | 
|---|---|
| http://www.securityfocus.com/bid/73274 | Third Party Advisory VDB Entry | 
| https://www-304.ibm.com/support/docview.wss?uid=swg21694940 | Vendor Advisory | 
| http://www.securityfocus.com/bid/73274 | Third Party Advisory VDB Entry | 
| https://www-304.ibm.com/support/docview.wss?uid=swg21694940 | Vendor Advisory | 
Configurations
                    Configuration 1 (hide)
| 
 | 
Configuration 2 (hide)
| 
 | 
History
                    No history.
Information
                Published : 2017-09-15 20:29
Updated : 2025-04-20 01:37
NVD link : CVE-2015-0110
Mitre link : CVE-2015-0110
CVE.ORG link : CVE-2015-0110
JSON object : View
Products Affected
                ibm
- websphere_application_server
- business_process_manager
CWE
                
                    
                        
                        CWE-284
                        
            Improper Access Control
