Vulnerability Description
The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Business Process Manager | 7.5.0.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR49505
- http://www-01.ibm.com/support/docview.wss?uid=swg21669330 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91870
FAQ
What is CVE-2014-0908?
CVE-2014-0908 is a vulnerability with a CVSS score of 6.0 (MEDIUM). The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access t...
How severe is CVE-2014-0908?
CVE-2014-0908 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0908?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Business Process Manager.