CVE-2014-6139

Published: Feb 13, 2015Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter.

Affected (3)

Products: Ibm: Business Process Manager

1 product

Business Process Manager

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Business Process Manager	Version 8.0.1.3
Ibm Business Process Manager	Version 8.5.0.1
Ibm Business Process Manager	Version 8.5.5.0

Related CWEs

References (2)

http://www-01.ibm.com/support/docview.wss?uid=swg1JR51391

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1JR51391

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.