An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x up to and including 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm business process manager 8.5.0.0 |
||
ibm business process manager 8.5.0.1 |
||
ibm business process manager 8.5.5.0 |