Local File Storage Vulnerability in IBM Business Process Manager
CVE-2017-1756

4MEDIUM

Key Information:

Vendor
IBM
Status
Business Process Manager
Vendor
CVE Published:
30 March 2018

Summary

The IBM Business Process Manager version 8.6 has a potential security flaw that permits users to store web pages locally. This could allow unauthorized users on the same system to access these files, leading to potential information exposure. Organizations using this product should take precautions to mitigate risks associated with local file accessibility.

Affected Version(s)

Business Process Manager 8.6

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/135856
x_refsource_MISC
http://www.securityfocus.com/bid/103589
vdb-entryx_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg22010796
x_refsource_CONFIRM

CVSS V3.1

Score:
4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.