CVE-2014-4759 - OpenCVE

An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Business Process Manager

Configuration 1 [-]

OR	cpe:2.3:a:ibm:business_process_manager:8.5.0.0:::::::*
	cpe:2.3:a:ibm:business_process_manager:8.5.0.1:::::::*
	cpe:2.3:a:ibm:business_process_manager:8.5.5.0:::::::*

No data.

References

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg1JR50871
http://www-01.ibm.com/support/docview.wss?uid=swg21680809
https://exchange.xforce.ibmcloud.com/vulnerabilities/94486

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2014-09-04T10:00:00

Updated: 2024-08-06T11:27:36.384Z

Reserved: 2014-07-09T00:00:00

Link: CVE-2014-4759

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-09-04T10:55:07.550

Modified: 2017-08-29T01:35:06.170

Link: CVE-2014-4759

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-29T00:00:00", "descriptions": [{"lang": "en", "value": "An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "ibm-websphere-cve20144759-info-disc(94486)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94486"}, {"name": "JR50871", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50871"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680809"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-4759", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ibm-websphere-cve20144759-info-disc(94486)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94486"}, {"name": "JR50871", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50871"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680809", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680809"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:27:36.384Z"}, "title": "CVE Program Container", "references": [{"name": "ibm-websphere-cve20144759-info-disc(94486)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94486"}, {"name": "JR50871", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50871"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680809"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-4759", "datePublished": "2014-09-04T10:00:00", "dateReserved": "2014-07-09T00:00:00", "dateUpdated": "2024-08-06T11:27:36.384Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "989C89DF-C6CB-45C9-9592-30A83896BD71", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "783C2592-9669-4C75-9E63-C834482F6F8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "7021B830-3EE4-446D-8D87-BBD2097A023E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results."}, {"lang": "es", "value": "Un servicio Ajax no especificado en el juego de herramientas Content Management en IBM Business Process Manager (BPM) 8.5.x hasta 8.5.5 permite a usuarios remotos autenticados obtener informaci\u00f3n sensible mediante la realizaci\u00f3n de una b\u00fasqueda de adjuntos de documentos y posteriormente la lectura de las propiedades de documentos en los resultados de la b\u00fasqueda."}], "id": "CVE-2014-4759", "lastModified": "2017-08-29T01:35:06.170", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-09-04T10:55:07.550", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50871"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680809"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94486"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}