Authorization Flaw in IBM Business Process Manager
CVE-2017-1766
4.3MEDIUM
Summary
An authorization flaw in IBM Business Process Manager 8.6 allows attackers to claim and manage ad hoc tasks that they are not assigned to, leading to potential unauthorized access and manipulation of workflows. This vulnerability can compromise data integrity and operational security by enabling users to perform actions outside their permissions.
Affected Version(s)
Business Process Manager 8.6
Business Process Manager 8.6.0.CF201712
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved