3 matches found
Security Bulletin: Incorrect authorization in IBM Business Process Manager (BPM) Saved Search Admin (CVE-2014-4802)
Summary: When you create and run a saved search from the Saved Search Admin tab of the Process Admin Console, the result set might contain tasks or instances that the current user is not authorized to see. Vulnerability Details: CVE ID: CVE-2014-4802 DESCRIPTION: IBM Business Process Manager Saved...
CVE-2014-4802
The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorization checks and obtain sensitive information by...
CVE-2014-4802
IBM BPM Saved Search Admin in Process Admin Console (BPM 8.0–8.5.5) suffers an authorization vulnerability: authenticated users can obtain unfiltered result sets from saved searches, potentially exposing tasks and instances that they are not permitted to see. The weakness arises in the Saved Sear...