Vulnerabilities > CVE-2017-1628 - Incorrect Authorization vulnerability in IBM Business Process Manager 8.6.0.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- http://www.ibm.com/support/docview.wss?uid=swg22009496
- http://www.ibm.com/support/docview.wss?uid=swg22009496
- http://www.securityfocus.com/bid/101900
- http://www.securityfocus.com/bid/101900
- http://www.securitytracker.com/id/1039777
- http://www.securitytracker.com/id/1039777
- https://exchange.xforce.ibmcloud.com/vulnerabilities/133126
- https://exchange.xforce.ibmcloud.com/vulnerabilities/133126