CVE-2017-1766 — Incorrect Authorization in IBM Business Process Manager

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 73.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Business Process Manager

Timeline

PublishedMar 30

Latest updateMay 13

Description

Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/business_process_manager8.6, 8.6.0.CF201712+1

▶NVDibm/business_process_manager6 versions+5

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-5pcg-54j8-35rq: Due to incorrect authorization in IBM Business Process Manager 8↗2022-05-13

▶

CVEList

CVE-2017-1766: Due to incorrect authorization in IBM Business Process Manager 8↗2018-03-30

▶