Authorization Flaw in IBM Business Process Manager
CVE-2017-1766

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Business Process Manager
Vendor: CVE Published:; 30 March 2018

Summary

An authorization flaw in IBM Business Process Manager 8.6 allows attackers to claim and manage ad hoc tasks that they are not assigned to, leading to potential unauthorized access and manipulation of workflows. This vulnerability can compromise data integrity and operational security by enabling users to perform actions outside their permissions.

Affected Version(s)

Business Process Manager 8.6

Business Process Manager 8.6.0.CF201712

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/136151

x_refsource_MISC

http://www.ibm.com/support/docview.wss?uid=swg22011866

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 30, 2018
Vulnerability Reserved
Nov 30, 2016