CVE-2014-0908IBM Business Process Manager vulnerability

CWE-2643 documents3 sources
Severity
6.0MEDIUMNVD
EPSS
0.5%
top 33.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Business Process Manager
Timeline
PublishedApr 10
Latest updateMay 17

Description

The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages1 packages

NVDibm/business_process_manager11 versions+10

🔴Vulnerability Details

2
GHSA
GHSA-9qv4-6j6x-7jx5: The User Attribute implementation in IBM Business Process Manager (BPM) 72022-05-17
CVEList
CVE-2014-0908: The User Attribute implementation in IBM Business Process Manager (BPM) 72014-04-10
CVE-2014-0908 — IBM vulnerability | cvebase