An API to delete process and task data is incorrectly available for non administrative users.
CVEID: CVE-2015-7463**
DESCRIPTION:** IBM Business Process Manager could allow an authenticated user to delete process and task data through a command that should only be available to administrators.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/108393> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
Install the interim fixes for APAR JR54823 as appropriate for your current IBM Business Process Manager version.
Please note that the fixes for 8.5.6.0 can be included in a future cumulative fix. See Fix list for the IBM Business Process Manager Version 8.5 products,
None