CVE-2017-1628 — Incorrect Authorization in IBM Business Process Manager

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.6%

top 31.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Business Process Manager

Timeline

PublishedNov 27

Latest updateMay 13

Description

IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm/business_process_manager8.6.0.0

▶NVDibm/business_process_manager8.6.0.0

🔴Vulnerability Details

GHSA

GHSA-f6qw-56hq-m3w6: IBM Business Process Manager 8↗2022-05-13

▶

CVEList

CVE-2017-1628: IBM Business Process Manager 8↗2017-11-27

▶