CVE-2017-1346Sensitive Information Exposure in IBM Business Process Manager

CWE-200Sensitive Information ExposureCWE-362Race Condition4 documents4 sources
Severity
2.5LOWNVD
EPSS
0.0%
top 87.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Business Process Manager
Timeline
PublishedSep 25
Latest updateMay 17

Description

IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.0 | Impact: 1.4

Affected Packages1 packages

NVDibm/business_process_manager18 versions+17

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-8pff-r625-chrq: IBM Business Process Manager 72022-05-17
CVEList
CVE-2017-1346: IBM Business Process Manager 72017-09-25

💥Exploits & PoCs

1
Exploit-DB
WebKit - 'WebCore::PositionIterator::decrement' Use-After-Free2017-11-22
CVE-2017-1346 — Sensitive Information Exposure in IBM | cvebase