Privilege Escalation in IBM Business Process Manager through LDAP Group Manipulation
CVE-2017-1539 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807.
Learn more about our Internal Network Penetration Testing.