PT-2017-14045 · IBM · IBM Business Process Manager

Published: 2017-09-26 · Updated: 2019-10-03 · CVE-2017-1539

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM Business Process Manager versions 7.5 through 8.5

Description

The issue arises from the software not properly distinguishing internal group memberships from user registry group memberships, allowing for privilege escalation. An attacker can manipulate LDAP group membership to potentially gain privileged access.

Recommendations

For versions 7.5 through 8.5, update to a version that properly distinguishes between internal and user registry group memberships to prevent privilege escalation.

Fix

Related identifiers

CVE-2017-1539

Affected products

IBM Business Process Manager