CVE-2017-1756Sensitive Information Exposure in IBM Business Process Manager

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
3.3LOWNVD
CNA4.0
EPSS
0.1%
top 82.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Business Process ManagerIBM Business Process Manager Enterprise Service BUSIBM Websphere
Timeline
PublishedMar 30
Latest updateMay 13

Description

IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

NVDibm/business_process_manager19 versions+18
NVDibm/websphere6 versions+5

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-wcfm-jr3p-8gv3: IBM Business Process Manager 82022-05-13
CVEList
CVE-2017-1756: IBM Business Process Manager 82018-03-30
CVE-2017-1756 — Sensitive Information Exposure in IBM | cvebase