Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.0
CVE Id CVE-2014-0908
Last Modified 11 Apr 2014 03:21:12
Published 10 Apr 2014 07:55:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-0908

Summary

The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls.

Vulnerable Systems

Application

  • IBM Business Process Manager 7.5.0.0
  • IBM Business Process Manager 7.5.0.1
  • IBM Business Process Manager 7.5.1.0
  • IBM Business Process Manager 7.5.1.1
  • IBM Business Process Manager 7.5.1.2
  • IBM Business Process Manager 8.0.0.0
  • IBM Business Process Manager 8.0.1.0
  • IBM Business Process Manager 8.0.1.1
  • IBM Business Process Manager 8.0.1.2
  • IBM Business Process Manager 8.5.0.0
  • IBM Business Process Manager 8.5.0.1


References

XF - ibm-bpm-cve20140908-priv-escalation(91870)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21669330

AIXAPAR - JR49505


Last Updated: 27 May 2016 11:04:54