CVE-2014-4802

The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorization checks and obtain sensitive information by executing a saved search.

Published: Oct 7, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-4802
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
ibm / business_process_manager	8.5.0.0	8.5.0.0.x
ibm / business_process_manager	8.0.1.0	8.0.1.0.x
ibm / business_process_manager	8.0.1.1	8.0.1.1.x
ibm / business_process_manager	8.5.5.0	8.5.5.0.x
ibm / business_process_manager	8.0.1.3	8.0.1.3.x
ibm / business_process_manager	8.5.0.1	8.5.0.1.x
ibm / business_process_manager	8.0.0.0	8.0.0.0.x
ibm / business_process_manager	8.0.1.2	8.0.1.2.x

http://www-01.ibm.com/support/docview.wss?uid=swg1JR50984
http://www-01.ibm.com/support/docview.wss?uid=swg21684771
https://exchange.xforce.ibmcloud.com/vulnerabilities/95304

Vulnerability Database

290,278

CVE-2014-4802