History: Jun 15, 2018 - 7:02 a.m.

Security Bulletin: Insufficient authorization check for project actions in IBM Business Process Manager (CVE-2014-4844)

2018-06-15 07:02:08
www.ibm.com
7

EPSS: 0.002 (Percentile: 55.9%)

Summary

IBM Business Process Manager (BPM) lets you import and export process applications and toolkits. Although the user interface offers this functionality only to authorized users, the server-side code accepts the same requests from lower-privileged users.

Vulnerability Details

CVE ID: CVE-2014-4844
CVSS Base Score: 6.0
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95724> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)

IBM Business Process Manager allows importing and exporting process applications and toolkits. While this functionality is only available to authorized users in the user interface, the actual server-side code accepts requests from lower-privileged users.

Affected Products and Versions

  • IBM Business Process Manager Standard V7.5.x, 8.0.x, 8.5.x
  • IBM Business Process Manager Express V7.5.x, 8.0.x, 8.5.x
  • IBM Business Process Manager Advanced V7.5.x, 8.0.x, 8.5.x

Remediation/Fixes

Install the interim fix for APAR JR51286 as appropriate for your current IBM Business Process Manager version. Please note that on IBM Business Process Manager 8.0.1.3 the APAR is JR52424.

* [IBM Business Process Manager Express](http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Express&release=All&platform=All&function=aparId&apars=JR51286,JR52424)
* [IBM Business Process Manager Standard](http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Standard&release=All&platform=All&function=aparId&apars=JR51286,JR52424)
* [IBM Business Process Manager Advanced](http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Advanced&release=All&platform=All&function=aparId&apars=JR51286,JR52424)

Workarounds and Mitigations

None.
