CVE-2016-0349

Name of the Vulnerable Software and Affected Versions IBM Business Process Manager versions 8.5.6 through 8.5.6.2 IBM Business Process Manager versions 8.5.7 before 8.5.7.CF201606

Description The issue is related to inadequate access control in the system, allowing remote authenticated users to bypass intended access restrictions. This can be exploited via a REST API call to update process-instance variables.

Recommendations For IBM Business Process Manager versions 8.5.6 through 8.5.6.2, update to a version outside of this range to resolve the issue. For IBM Business Process Manager versions 8.5.7 before 8.5.7.CF201606, update to version 8.5.7.CF201606 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API endpoint to minimize the risk of exploitation.