CVE-2014-4759

Опубликовано: 04 сент. 2014

Источник: nvd

CVSS2: 4

EPSS Низкий

Описание

An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg1JR50871
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21680809
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/94486
http://www-01.ibm.com/support/docview.wss?uid=swg1JR50871
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21680809
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/94486

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00179

Низкий

4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-9pc4-9w55-7vmh

github

больше 3 лет назад