Due to incorrect authorization for stop and resume Event Manager REST API, users without required permission can stop and resume the Event Manager in IBM Business Process Manager.
CVE(s): CVE-2017-1628
Affected product(s) and affected version(s):
– IBM Business Process Manager V8.6.0.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hk8IIq
X-Force Database: http://ift.tt/2zxB3W9
The post IBM Security Bulletin: Incorrect authorization for stop and resume Event Manager REST API in IBM Business Process Manager (CVE-2017-1628) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2hluWdd
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.