6.5

CVE-2016-0349

IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmBusiness Process Manager Version8.5.6.0
IbmBusiness Process Manager Version8.5.7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.46% 0.702
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www-01.ibm.com/support/docview.wss?uid=swg1JR55701
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21981094
Vendor Advisory
http://www.securitytracker.com/id/1036185