3 matches found
Security Bulletin: Missing authorization concept for document upload and download in IBM Business Process Manager (BPM) CMIS integration (CVE-2015-1904)
Summary IBM Business Process Manager offers integration with external Enterprise Content Management ECM systems. If a process app is configured to always connect to an external ECM system using a predefined technical system account rather than the actual end user, then the process app developer h...
CVE-2015-1904
IBM Business Process Manager BPM 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management ECM integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypas...
CVE-2015-1904
CVE-2015-1904 affects IBM BPM (BPM) versions 8.0.x through 8.5.6.0 when external ECM integration uses a predefined technical system account, enabling remote authenticated users to bypass document-access restrictions for upload or download. The IBM security bulletin specifies a BPM CMIS integratio...