By using IBM Business Process Manager (BPM) you can import and export process applications and toolkits. Although this functionality is available only to authorized users, the actual server side code accepts requests from lower privileged users.
CVE ID:CVE-2014-4844
CVSS Base Score: 6.0
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95724> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)
IBM Business Process Manager allow importing and exporting process applications and toolkits. While this functionality is only available to authorized users in the user interface, the actual server side code accepts requests from lower privileged users.
Install the interim fix for APAR JR51286 as appropriate for your current IBM Business Process Manager version. Please note that on IBM Business Process Manager 8.0.1.3 the APAR is JR52424.
* [IBM Business Process Manager Express](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Express&release=All&platform=All&function=aparId&apars=JR51286,JR52424>)
* [IBM Business Process Manager Standard](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Standard&release=All&platform=All&function=aparId&apars=JR51286,JR52424>)
* [IBM Business Process Manager Advanced](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Advanced&release=All&platform=All&function=aparId&apars=JR51286,JR52424>)
None.