History: Jun 15, 2018 - 7:05 a.m.

Security Bulletin: Incorrect authorization for update of process instance variables in IBM Business Process Manager (CVE-2016-0349)

2018-06-15 07:05:26
www.ibm.com
EPSS

0.001

Percentile

46.5%

Summary

Due to incorrect authorization for update of process instance variables, users without required permission can update process instance variables in IBM Business Process Manager.

Vulnerability Details

CVEID: CVE-2016-0349
DESCRIPTION: IBM Business Process Manager allows authenticated users to update process instance variables by calling a REST API with incorrect authorization checks.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111817 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

  • IBM Business Process Manager V8.5.7
  • IBM Business Process Manager V8.5.6 through V8.5.6.0 cumulative fix 2

Remediation/Fixes

Install the interim fixes for APAR JR55701 as appropriate for your current IBM Business Process Manager version.

Workarounds and Mitigations

None
