Vulnerability Description
The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorization checks and obtain sensitive information by executing a saved search.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Business Process Manager | 8.0.0.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR50984 (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg21684771 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95304
FAQ
What is CVE-2014-4802?
CVE-2014-4802 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows...
How severe is CVE-2014-4802?
CVE-2014-4802 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-4802?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Business Process Manager.