CVE-2014-6182

Name of the Vulnerable Software and Affected Versions IBM Business Process Manager (BPM) versions 8.0.x through 8.0.1.3 IBM Business Process Manager (BPM) versions 8.5.x through 8.5.5

Description A directory traversal issue exists in the export function of the Process Center, allowing remote authenticated users to read arbitrary files by including a .. (dot dot) in a URL.

Recommendations For versions 8.0.x through 8.0.1.3, update to a version outside of this range to resolve the issue. For versions 8.5.x through 8.5.5, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the export function in the Process Center to minimize the risk of exploitation.