Miembros de
Boletines de Vulnerabilidades |
IBM Security Bulletin: Insufficient authorization check for project actions in IBM Business Process Manager (CVE-2014-4844) |
|
Información sobre el sistema |
|
| Software afectado | IBM |
Descripción |
|
|
By using IBM Business Process Manager (BPM) you can import and export process applications and toolkits. Although this functionality is available only to authorized users, the actual server side code accepts requests from lower privileged users. CVE(s): CVE-2014-4844 Affected product(s) and affected version(s): IBM Business Process Manager Standard V7.5.x, 8.0.x 8.5.x IBM Business Process Manager Express V7.5.x, 8.0.x 8.5.x IBM Business Process Manager Advanced V7.5.x, 8.0.x 8.5.x More info: https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_insufficient_authorization_check_for_project_actions_in_ibm_business_process_manager_cve_2014_4844?lang=en_us |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2014-4844 ,CVE-2014-3508 ,CVE-2014-3509 ,CVE-2014-3511 ,CVE-2014-5139 ,CVE-2014-3505 ,CVE-2014-3506 ,CVE-2014-3507 and CVE-2014-3510. |
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Advisory issued | 2014-12-19 |