Back to search
CVE-2014-4802
Published: Oct 7, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorization checks and obtain sensitive information by executing a saved search.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www-01.ibm.com/support/docview.wss?uid=swg21684771
x_refsource_CONFIRM
JR50984
vendor-advisory
x_refsource_AIXAPAR
ibm-bpm-cve20144802-info-disc(95304)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now