The REST API in IBM Business Process Manager (BPM) 7.5.x up to and including 7.5.1.2, 8.0.x up to and including 8.0.1.3, 8.5.0 up to and including 8.5.0.1, 8.5.5 up to and including 8.5.5.0, and 8.5.6 up to and including 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
ibm business process manager 7.5.0.0 |
||
ibm business process manager 7.5.0.1 |
||
ibm business process manager 7.5.1.1 |
||
ibm business process manager 8.0.1.1 |
||
ibm business process manager 8.5.0.0 |
||
ibm business process manager 8.5.5.0 |
||
ibm business process manager 8.5.6.0 |
||
ibm business process manager 7.5.1.0 |
||
ibm business process manager 8.0.0.0 |
||
ibm business process manager 8.0.1.0 |
||
ibm business process manager 8.0.1.2 |
||
ibm business process manager 8.0.1.3 |
||
ibm business process manager 8.5.0.1 |
Vulmon