The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 up to and including 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorization checks and obtain sensitive information by executing a saved search.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm business process manager 8.0.0.0 |
||
ibm business process manager 8.0.1.0 |
||
ibm business process manager 8.0.1.1 |
||
ibm business process manager 8.0.1.2 |
||
ibm business process manager 8.0.1.3 |
||
ibm business process manager 8.5.0.0 |
||
ibm business process manager 8.5.0.1 |
||
ibm business process manager 8.5.5.0 |