2 matches found
Security Bulletin: IBM Business Process Manager authorization checks for process and task deletion are insufficient (CVE-2015-7463)
Summary: An API to delete process and task data is incorrectly available for non-administrative users.
Vulnerability Details:
CVEID: CVE-2015-7463
DESCRIPTION: IBM Business Process Manager could allow an authenticated user to delete process and task data through a command that should only be...
CVE-2015-7463
IBM Business Process Manager versions 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 up to cumulative fix 2 suffer an authorization flaw that allows remote authenticated users to delete process and task data by bypassing proper authorization checks. Root cause: insufficient authorization for delete oper...