3 matches found
Security Bulletin: Incorrect authorization for stop and resume Event Manager REST API in IBM Business Process Manager (CVE-2017-1628)
Summary Due to incorrect authorization for stop and resume Event Manager REST API, users without required permission can stop and resume the Event Manager in IBM Business Process Manager. Vulnerability Details CVEID: CVE-2017-1628 DESCRIPTION: IBM Business Process Manager allows authenticated use...
CVE-2017-1628
IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks...
CVE-2017-1628
Summary (CVE-2017-1628 / IBM BPM 8.6.0.0): IBM Business Process Manager exposes an incorrect authorization check on the Event Manager REST API, allowing authenticated users to stop and resume the Event Manager. The root cause is improper access controls for the stop/resume API. Impact is limited ...