2 matches found
Security Bulletin: Information disclosure in IBM Business Process Manager (BPM) V8.5 document attachments search (CVE-2014-4759)
Summary IBM BPM document attachment queries can return document properties that contain sensitive information. Vulnerability Details CVE ID: CVE-2014-4759 DESCRIPTION: An Ajax service that is shipped with the Content Management toolkit allows users to search for IBM BPM document attachments from...
CVE-2014-4759
IBM BPM 8.5.x through 8.5.5 is affected by CVE-2014-4759 due to an Ajax service in the Content Management toolkit that allows authenticated users to perform a document-attachment search and read document properties, potentially exposing sensitive information. The vulnerability arises because quer...