IBM Business Process Manager 7.5/8.0/8.5 LDAP access control


A vulnerability was found in IBM Business Process Manager 7.5/8.0/8.5 (Business Process Management Software). It has been declared as critical. This vulnerability affects an unknown function of the component LDAP Handler. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.

| Field | 11/20/2019 08:10 AM | 01/14/2021 03:11 PM | 01/14/2021 03:15 PM |
| --- | --- | --- | --- |
| type | Business Process Management Software | Business Process Management Software | Business Process Management Software |
| vendor | IBM | IBM | IBM |
| name | Business Process Manager | Business Process Manager | Business Process Manager |
| version | 7.5/8.0/8.5 | 7.5/8.0/8.5 | 7.5/8.0/8.5 |
| component | LDAP Handler | LDAP Handler | LDAP Handler |
| cwe | 264 (privilege escalation) | 264 (privilege escalation) | 264 (privilege escalation) |
| risk | 2 | 2 | 2 |
| cvss2_vuldb_basescore | 6.5 | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 6.5 | 6.5 | 6.5 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | L | L | L |
| cvss2_nvd_au | S | S | S |
| cvss2_nvd_ci | P | P | P |
| cvss2_nvd_ii | P | P | P |
| cvss2_nvd_ai | P | P | P |
| cvss3_meta_basescore | 7.5 | 7.5 | 7.5 |
| cvss3_meta_tempscore | 7.5 | 7.5 | 7.5 |
| cvss3_vuldb_basescore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | L | L | L |
| cvss3_nvd_ui | N | N | N |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | H | H | H |
| cvss3_nvd_i | H | H | H |
| cvss3_nvd_a | H | H | H |
| date | 1506384000 (09/26/2017) | 1506384000 (09/26/2017) | 1506384000 (09/26/2017) |
| url | http://www.ibm.com/support/docview.wss?uid=swg22007451 | http://www.ibm.com/support/docview.wss?uid=swg22007451 | http://www.ibm.com/support/docview.wss?uid=swg22007451 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| price_trend | + | + | + |
| cve | CVE-2017-1539 | CVE-2017-1539 | CVE-2017-1539 |
| cve_assigned | 1480464000 | 1480464000 | 1480464000 |
| cve_nvd_published | 1506384000 | 1506384000 | 1506384000 |
| cve_nvd_summary | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807. | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807. | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807. |
| securityfocus | 100967 | 100967 | 100967 |
| securityfocus_title | IBM Business Process Manager CVE-2017-1539 Remote Privilege Escalation Vulnerability | IBM Business Process Manager CVE-2017-1539 Remote Privilege Escalation Vulnerability | IBM Business Process Manager CVE-2017-1539 Remote Privilege Escalation Vulnerability |
| qualys_id | 370607 | 370607 | 370607 |
| qualys_title | IBM Business Process Manager Privilege Escalation vulnerability (swg22007451) | IBM Business Process Manager Privilege Escalation vulnerability (swg22007451) | IBM Business Process Manager Privilege Escalation vulnerability (swg22007451) |
| seealso | 107169 107168 107167 | 107169 107168 107167 | 107169 107168 107167 |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | X | X | X |
| 0day_days | 4 | 4 | 4 |
| cvss3_nvd_basescore | 8.8 | 8.8 | 8.8 |
| discoverydate | 1506038400 | 1506038400 | 1506038400 |
| confirm_url | http://www.ibm.com/support/docview.wss?uid=swg22007451 | http://www.ibm.com/support/docview.wss?uid=swg22007451 | http://www.ibm.com/support/docview.wss?uid=swg22007451 |
| securityfocus_date | 1506038400 (09/22/2017) | 1506038400 (09/22/2017) | 1506038400 (09/22/2017) |
| securityfocus_class | Design Error | Design Error | Design Error |
| xforce | | 130807 | 130807 |
| cvss2_nvd_basescore | | 6.5 | 6.5 |
| person_name | | | IBM |
