CVE-2014-6139 — IBM Business Process Manager vulnerability

CWE-2643 documents3 sources

Severity

4.0MEDIUMNVD

EPSS

0.1%

top 65.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Business Process Manager

Timeline

PublishedFeb 13

Latest updateMay 17

Description

The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/business_process_manager8.0.1.3, 8.5.0.1, 8.5.5.0+2

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-gv6p-9fc2-x9m9: The Search REST API in IBM Business Process Manager 8↗2022-05-17

▶

CVEList

CVE-2014-6139: The Search REST API in IBM Business Process Manager 8↗2015-02-13

▶