Vulnerability Description
An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Business Process Manager | 8.5.0.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR50871 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21680809 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94486
FAQ
What is CVE-2014-4759?
CVE-2014-4759 is a vulnerability with a CVSS score of 4.0 (MEDIUM). An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing ...
How severe is CVE-2014-4759?
CVE-2014-4759 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-4759?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Business Process Manager.