3 matches found
Security Bulletin: Incorrect authorization for update of process instance variables in IBM Business Process Manager (CVE-2016-0349)
Summary Due to incorrect authorization for update of process instance variables, users without required permission can update process instance variables in IBM Business Process Manager. Vulnerability Details CVEID: CVE-2016-0349 DESCRIPTION: IBM Business Process Manager allows authenticated users...
CVE-2016-0349
IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call...
CVE-2016-0349
CVE-2016-0349 affects IBM Business Process Manager versions 8.5.6–8.5.6.2 and 8.5.7 before 8.5.7.CF201606. The issue is an incorrect authorization check that allows remote authenticated users to bypass access controls and update process-instance variables via a REST API call. Impact is restricted...