PT-2017-14045 · IBM · IBM Business Process Manager

Published: 2017-09-26 · Updated: 2019-10-03 · CVE-2017-1539

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: IBM Business Process Manager versions 7.5 through 8.5

Description: The issue arises from the software not properly distinguishing internal group memberships from user registry group memberships, allowing for privilege escalation. An attacker can manipulate LDAP group membership to potentially gain privileged access.

Recommendations: For versions 7.5 through 8.5, update to a version that properly distinguishes between internal and user registry group memberships to prevent privilege escalation.

Fix


Related Identifiers

CVE-2017-1539

Affected Products

IBM Business Process Manager