CVE-2014-4844

The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
ibmbusiness_process_manager
7.5.0.0
ibmbusiness_process_manager
7.5.0.1
ibmbusiness_process_manager
7.5.1.0
ibmbusiness_process_manager
7.5.1.1
ibmbusiness_process_manager
7.5.1.2
ibmbusiness_process_manager
8.0.0.0
ibmbusiness_process_manager
8.0.1.0
ibmbusiness_process_manager
8.0.1.1
ibmbusiness_process_manager
8.0.1.2
ibmbusiness_process_manager
8.5.0.0
ibmbusiness_process_manager
8.5.0.1
ibmbusiness_process_manager
8.5.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1JR51286
http://www.ibm.com/support/docview.wss?uid=swg21690554
https://exchange.xforce.ibmcloud.com/vulnerabilities/95724
http://www-01.ibm.com/support/docview.wss?uid=swg1JR51286
http://www.ibm.com/support/docview.wss?uid=swg21690554
https://exchange.xforce.ibmcloud.com/vulnerabilities/95724