CVE-2017-1539

Summary

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807.

Affected Software

VendorProductVersion RangeStatus
IBMBusiness Process Manager Advanced7.5affected
IBMBusiness Process Manager Advanced7.5.0.1affected
IBMBusiness Process Manager Advanced7.5.1affected
IBMBusiness Process Manager Advanced7.5.1.1affected
IBMBusiness Process Manager Advanced7.5.1.2affected
IBMBusiness Process Manager Advanced8.0affected
IBMBusiness Process Manager Advanced8.0.1affected
IBMBusiness Process Manager Advanced8.0.1.1affected
IBMBusiness Process Manager Advanced8.0.1.2affected
IBMBusiness Process Manager Advanced8.5affected
IBMBusiness Process Manager Advanced8.5.0.1affected
IBMBusiness Process Manager Advanced8.5.5affected
IBMBusiness Process Manager Advanced8.0.1.3affected
IBMBusiness Process Manager Advanced8.5.6affected
IBMBusiness Process Manager Advanced8.5.0.2affected
IBMBusiness Process Manager Advanced8.5.7affected
IBMBusiness Process Manager Advanced8.5.7.CF201609affected
IBMBusiness Process Manager Advanced8.5.6.1affected
IBMBusiness Process Manager Advanced8.5.6.2affected
IBMBusiness Process Manager Advanced8.5.7.CF201606affected
IBMBusiness Process Manager Advanced8.5.7.CF201612affected
IBMBusiness Process Manager Advanced8.5.7.CF201703affected
IBMBusiness Process Manager Advanced8.5.7.CF201706affected

Weaknesses

  • Gain Privileges

ADP Enrichment

CVE Program Container

Additional References

References