Vulnerability Description
Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Business Process Manager | 8.0.0.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR51234PatchVendor Advisory
- http://www.ibm.com/support/docview.wss?uid=swg21692540Vendor Advisory
- http://www.securitytracker.com/id/1031379
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98518
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR51234PatchVendor Advisory
- http://www.ibm.com/support/docview.wss?uid=swg21692540Vendor Advisory
- http://www.securitytracker.com/id/1031379
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98518
FAQ
What is CVE-2014-6182?
CVE-2014-6182 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to r...
How severe is CVE-2014-6182?
CVE-2014-6182 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-6182?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Business Process Manager.