Main Vulnerability Database SB2016062903

SB2016062903 - Improper authorization in IBM Business Process Manager

Published: June 29, 2016 Updated: November 22, 2018

Security Bulletin ID SB2016062903

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper authorization (CVE-ID: CVE-2016-0349)

The vulnerability allows a remote attacker to modify data on the target system.

The vulnerability exists due to access control error. A remote authenticated user can update process instance variables on the target system.

Successful exploitation of this vulnerability may result in modification of system information

Remediation

Install update from vendor's website.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21981094

SB2016062903 - Improper authorization in IBM Business Process Manager

Breakdown by Severity

Description

Remediation

References

Please verify you're human