IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Business_process_manager | Ibm | 8.0.0.0 (including) | 8.0.0.0 (including) |
| Business_process_manager | Ibm | 8.0.1.0 (including) | 8.0.1.0 (including) |
| Business_process_manager | Ibm | 8.0.1.1 (including) | 8.0.1.1 (including) |
| Business_process_manager | Ibm | 8.0.1.2 (including) | 8.0.1.2 (including) |
| Business_process_manager | Ibm | 8.0.1.3 (including) | 8.0.1.3 (including) |
| Business_process_manager | Ibm | 8.5.0.0 (including) | 8.5.0.0 (including) |
| Business_process_manager | Ibm | 8.5.0.1 (including) | 8.5.0.1 (including) |
| Business_process_manager | Ibm | 8.5.5.0 (including) | 8.5.5.0 (including) |
| Business_process_manager | Ibm | 8.5.6.0 (including) | 8.5.6.0 (including) |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR53209
- http://www-01.ibm.com/support/docview.wss?uid=swg21960293
- http://www.securitytracker.com/id/1033159
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR53209
- http://www-01.ibm.com/support/docview.wss?uid=swg21960293
- http://www.securitytracker.com/id/1033159