CVE-2017-1765 — Sensitive Information Exposure in IBM Business Process Manager

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.3MEDIUMNVD

CNA3.1

EPSS

0.3%

top 44.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Business Process Manager IBM Business Process Manager Enterprise Service BUS

Timeline

PublishedMar 30

Latest updateMay 13

Description

IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5ibm/business_process_manager8.6

▶NVDibm/business_process_manager14 versions+13

▶NVDibm/business_process_manager_enterprise_service_bus8.6.0.0

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-m77j-4pv3-h3jj: IBM Business Process Manager 8↗2022-05-13

▶

CVEList

CVE-2017-1765: IBM Business Process Manager 8↗2018-03-30

▶