Security Bulletin
Summary
IBM Business Process Manager is shipped as a component of IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition. Information about multiple security vulnerabilities affecting IBM Business Process Manager have been published in a security bulletin.
Vulnerability Details
Review the Security Bulletin: Multiple security vulnerabilities in Business Space affect IBM Business Process Manager and WebSphere Process Server for vulnerability details and information about fixes.
Affected Products and Versions
|
Principal Product and Version(s) | Affected Supporting Product and Version |
| IBM Cloud Orchestrator V2.5, V2.5.0.1,V2.4.0.3 | IBM Business Process Manager Standard V8.5.6 |
| IBM Cloud Orchestrator Enterprise Edition V2.5, V2.5.0.1, V2.4.0.3 | IBM Business Process Manager Standard V8.5.6 |
| IBM Cloud Orchestrator V2.4, V2.4.0.1, V2.4.0.2 | IBM Business Process Manager Standard V8.5.0.1 |
| IBM Cloud Orchestrator Enterprise Edition V2.4, V2.4.0.1, V2.4.0.2 | IBM Business Process Manager Standard V8.5.0.1 |
| IBM SmartCloud Orchestrator V2.3, v2.3.0.1, and V2.3.0.1 and V2.3.0.1 from Interim Fix1 through Interim Fix 9 | IBM Business Process Manager Standard V8.5 |
| IBM SmartCloud Orchestrator Enterprise Edition V2.3, v2.3.0.1 and V2.3.0.1 from Interim Fix1 through Interim Fix 9 | IBM Business Process Manager Standard V8.5 |
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Change History
* 2 April 2016: Updated Principal Products and Version(s)
* 09 February 2016: Original copy published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Internal Use Only
CVE-IDs: CVE-2015-7454, CVE-2015-7400, CVE-2015-7407
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg2C1000028