CVE-2014-4844IBM Business Process Manager vulnerability

CWE-2643 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 55.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Business Process Manager
Timeline
PublishedDec 17
Latest updateMay 17

Description

The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

NVDibm/business_process_manager12 versions+11

🔴Vulnerability Details

2
GHSA
GHSA-hf8q-f7qp-4r6g: The import/export functionality in IBM Business Process Manager (BPM) 72022-05-17
CVEList
CVE-2014-4844: The import/export functionality in IBM Business Process Manager (BPM) 72014-12-17
CVE-2014-4844 — IBM vulnerability | cvebase