SymmetricalDataSecurity: IBM Security Bulletin: Incorrect authorization for stop and resume Event Manager REST API in IBM Business Process Manager (CVE-2017-1628)

Saturday, November 11, 2017

IBM Security Bulletin: Incorrect authorization for stop and resume Event Manager REST API in IBM Business Process Manager (CVE-2017-1628)

Due to incorrect authorization for stop and resume Event Manager REST API, users without required permission can stop and resume the Event Manager in IBM Business Process Manager.

CVE(s): CVE-2017-1628

Affected product(s) and affected version(s):

– IBM Business Process Manager V8.6.0.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hk8IIq
X-Force Database: http://ift.tt/2zxB3W9

The post IBM Security Bulletin: Incorrect authorization for stop and resume Event Manager REST API in IBM Business Process Manager (CVE-2017-1628) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2hluWdd

SymmetricalDataSecurity

Saturday, November 11, 2017

IBM Security Bulletin: Incorrect authorization for stop and resume Event Manager REST API in IBM Business Process Manager (CVE-2017-1628)

No comments:

Post a Comment

Blog Archive

Search This Blog

Total Pageviews