CVE-2014-4759

EUVD-2014-4678
An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
ibmbusiness_process_manager
8.5.0.0
ibmbusiness_process_manager
8.5.0.1
ibmbusiness_process_manager
8.5.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1JR50871
http://www-01.ibm.com/support/docview.wss?uid=swg21680809
https://exchange.xforce.ibmcloud.com/vulnerabilities/94486
http://www-01.ibm.com/support/docview.wss?uid=swg1JR50871
http://www-01.ibm.com/support/docview.wss?uid=swg21680809
https://exchange.xforce.ibmcloud.com/vulnerabilities/94486