Privilege Escalation in IBM Business Process Manager through LDAP Group Manipulation

CVE-2017-1539 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807.

Learn more about our Internal Network Penetration Testing.