2 matches found
Security Bulletin: Unauthorized disclosure of system information in IBM Business Process Manager (BPM) 8.5.x (CVE-2014-3076)
Summary System information is provided on an unprotected diagnostic page. Vulnerability Details CVEID: CVE-2014-3076 DESCRIPTION: IBM Business Process Manager 8.5 contains an unprotected JavaServer™ Pages JSP file that returns system information to unauthenticated users. An attacker might use thi...
CVE-2014-3076
CVE-2014-3076 affects IBM Business Process Manager (BPM) 8.5 to 8.5.5. An unprotected JSP diagnostic page can disclose potentially sensitive system information to unauthenticated users, enabling information disclosure. IBM’s Security Bulletin notes vulnerable editions: BPM Standard, Express, and ...