Privilege Escalation Vulnerability in IBM Business Process Manager
CVE-2017-1539

8.8HIGH

Key Information:

Vendor
IBM
Status
Business Process Manager Advanced
Vendor
CVE Published:
22 September 2017

Summary

IBM Business Process Manager versions 7.5, 8.0, and 8.5 are susceptible to a privilege escalation vulnerability. This issue arises due to the improper distinction between internal group memberships and user registry group memberships, enabling an attacker to manipulate LDAP group memberships. By exploiting this vulnerability, an attacker could gain enhanced privileges, fundamentally compromising the integrity of the system. For more detailed information, refer to IBM's support resources and relevant security advisories.

Affected Version(s)

Business Process Manager Advanced 7.5

Business Process Manager Advanced 7.5.0.1

Business Process Manager Advanced 7.5.1

References

http://www.securityfocus.com/bid/100967
vdb-entryx_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg22007451
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/130807
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.