Authorization Flaw in IBM Business Process Manager
CVE-2017-1766

4.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
30 March 2018

Summary

An authorization flaw in IBM Business Process Manager 8.6 allows attackers to claim and manage ad hoc tasks that they are not assigned to, leading to potential unauthorized access and manipulation of workflows. This vulnerability can compromise data integrity and operational security by enabling users to perform actions outside their permissions.

Affected Version(s)

Business Process Manager 8.6

Business Process Manager 8.6.0.CF201712

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.