The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2014-04-10T23:00:00
Updated: 2017-08-28T12:57:01
Reserved: 2014-01-06T00:00:00
Link: CVE-2014-0908
JSON object: View
NVD Information
Status : Modified
Published: 2014-04-10T23:55:04.730
Modified: 2017-08-29T01:34:20.107
Link: CVE-2014-0908
JSON object: View
Redhat Information
No data.
CWE