Privilege Escalation Vulnerability in IBM Business Process Manager
CVE-2017-1539
8.8HIGH
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 22 September 2017
Summary
IBM Business Process Manager versions 7.5, 8.0, and 8.5 are susceptible to a privilege escalation vulnerability. This issue arises due to the improper distinction between internal group memberships and user registry group memberships, enabling an attacker to manipulate LDAP group memberships. By exploiting this vulnerability, an attacker could gain enhanced privileges, fundamentally compromising the integrity of the system. For more detailed information, refer to IBM's support resources and relevant security advisories.
Affected Version(s)
Business Process Manager Advanced 7.5
Business Process Manager Advanced 7.5.0.1
Business Process Manager Advanced 7.5.1
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved