CVE-2017-1539

3 documents, 3 sources
Severity: 8.8 HIGH
EPSS: 0.6% (top 30.65%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 26
Latest update: May 13

Description

IBM Business Process Manager 7.5, 8.0, and 8.5 are vulnerable to privilege escalation because they do not properly distinguish internal group memberships from user registry group memberships. By manipulating LDAP group membership, an attacker might gain privileged access. IBM X-Force ID: 130807.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: ibm/business_process_manager (18 versions)
CVEListV5: ibm/business_process_manager_advanced (23 versions)

Patches

Vulnerability Details (2)

GHSA: GHSA-3xh8-3p84-p59c: IBM Business Process Manager 7 (2022-05-13)
CVEList: CVE-2017-1539: IBM Business Process Manager 7 (2017-09-26)
CVE-2017-1539 (HIGH CVSS 8.8) | IBM Business Process Manager 7.5 | cvebase.io