PT-2014-6101 · IBM · IBM Business Process Manager
Published: 2014-09-04 · Updated: 2017-08-29
CVE-2014-4759
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM Business Process Manager (BPM) versions 8.5.x through 8.5.5
Description
The issue allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results. This is due to an unspecified Ajax service in the Content Management toolkit.
Recommendations
For versions 8.5.x through 8.5.5, consider restricting access to the document-attachment search functionality until a fix is available. As a temporary workaround, limit the ability to read document properties in search results to minimize the risk of sensitive information disclosure.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
IBM Business Process Manager