2 matches found
Security Bulletin: Missing authorization concept for IBM Business Process Manager (BPM) User Attributes CVE-2014-0908
Summary The User Attribute feature in IBM Business Process Manager does not have an authorization concept. Vulnerability Details As a consequence, each user can read and update their own attribute values and the attribute values for another user by using REST APIs. However, there are...
CVE-2014-0908
IBM BPM's User Attribute feature (Standard/Express/Advanced) across 7.5.x, 8.0.x, 8.5.x does not enforce authorization for read/write of attribute values via REST, enabling remote authenticated users to read or modify attributes and affect email notifications or task assignments. Affected version...