CVE Vulnerabilities

CVE-2014-4802

Published: Oct 07, 2014 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorization checks and obtain sensitive information by executing a saved search.

Affected Software

Name Vendor Start Version End Version
Business_process_manager Ibm 8.0.0.0 (including) 8.0.0.0 (including)
Business_process_manager Ibm 8.0.1.0 (including) 8.0.1.0 (including)
Business_process_manager Ibm 8.0.1.1 (including) 8.0.1.1 (including)
Business_process_manager Ibm 8.0.1.2 (including) 8.0.1.2 (including)
Business_process_manager Ibm 8.0.1.3 (including) 8.0.1.3 (including)
Business_process_manager Ibm 8.5.0.0 (including) 8.5.0.0 (including)
Business_process_manager Ibm 8.5.0.1 (including) 8.5.0.1 (including)
Business_process_manager Ibm 8.5.5.0 (including) 8.5.5.0 (including)

References