CVE-2014-4759 — IBM Business Process Manager vulnerability

CWE-2644 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

0.2%

top 60.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Business Process Manager

Timeline

PublishedSep 4

Latest updateMay 17

Description

An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/business_process_manager8.5.0.0, 8.5.0.1, 8.5.5.0+2

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-9pc4-9w55-7vmh: An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8↗2022-05-17

▶

CVEList

CVE-2014-4759: An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8↗2014-09-04

▶