3 matches found
Security Bulletin: privilege escalation in IBM Business Process Manager (BPM) - CVE-2017-1539
Summary Synchronization between the user registry and the IBM BPM database lead to invalid memberships in case there is an internal group in the IBM BPM database and a group in the user registry with the same name. Vulnerability Details CVEID: CVE-2017-1539 DESCRIPTION: IBM Business Process Manag...
CVE-2017-1539
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807...
CVE-2017-1539
IBM BPM is affected by CVE-2017-1539 for privilege escalation caused by failing to distinguish internal group memberships from user registry group memberships; manipulating LDAP group membership can grant privileged access. Affected versions include BPM 7.5.0.0–7.5.1.2, 8.0.0.0–8.0.1.3, 8.5.0.0–8...