Description
IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks. IBM X-Force ID: 181126.
CVSS breakdown
CVSS 3.0
Integrity
None
Attack Vector
Network
Availability
None
User Interaction
None
Privileges Required
Low
Scope
Unchanged
Confidentiality
Low
Attack Complexity
Low
RC
Changed
E
Unchanged
RL
O
Affected products
- ibm / business_automation_workflow18.0.0.0 – 18.0.0.0
- ibm / business_automation_workflow19.0.0.1 – 19.0.0.1
- ibm / Business Process Manager Standard8.5.7.CF201703 – 8.5.7.CF201703
- ibm / Business Process Manager Standard8.5.7.CF201612 – 8.5.7.CF201612
- ibm / Business Process Manager Standard8.5.7.CF201609 – 8.5.7.CF201609
- ibm / Business Process Manager Standard8.5.7.CF201606 – 8.5.7.CF201606
- ibm / Business Process Manager Standard8.5.7 – 8.5.7
- ibm / Business Process Manager Standard8.5.6.2 – 8.5.6.2
- ibm / Business Process Manager Standard8.5.6.1 – 8.5.6.1
- ibm / Business Process Manager Standard8.5.6 – 8.5.6
- ibm / Business Process Manager Standard8.5.5 – 8.5.5
- ibm / Business Process Manager Standard8.5.0.2 – 8.5.0.2
- ibm / Business Process Manager Standard8.5.0.1 – 8.5.0.1
- ibm / Business Process Manager Standard8.5 – 8.5
- ibm / Business Process Manager Standard8.0.1.3 – 8.0.1.3
- ibm / Business Process Manager Standard8.0.1.2 – 8.0.1.2
- ibm / Business Process Manager Standard8.0.1.1 – 8.0.1.1
- ibm / Business Process Manager Standard8.0.1 – 8.0.1
- ibm / Business Process Manager Standard8.0 – 8.0
- ibm / Business Process Manager Standard8.6 – 8.6
- ibm / Business Process Manager Standard8.5.7.CF201706 – 8.5.7.CF201706