Description
A security issue and a vulnerability have been reported in IBM Business Process Manager, which can be exploited by malicious users to disclose potentially sensitive information and bypass certain security restrictions.
For more information:
SA60948
1) Certain input related to the Process Center is not properly verified before being used. This can be exploited to disclose the contents of arbitrary local files via directory traversal sequences.
The security issue and the vulnerability are reported in versions 8.0.x and 8.5.x of the Standard, Express, and Advanced editions.
Vulnerable Products
Vulnerable Software: IBM Business Process Manager 8.x
Solution
Apply interim fixes for APARs JR51286 and JR51234 (please see the vendor's advisories for details).
CVE
CVE-2014-6182
CVE-2014-4844
References
IBM (JR51286, JR51234):
http://www.ibm.com/support/docview.wss?uid=swg21690554
http://www.ibm.com/support/docview.wss?uid=swg21692540
Vulnerability Manager Detection
No
IPS Protection