CVE-2014-6182
IBM Business Process Manager 8.0.x-8.0.1.3 & 8.5.x-8.5.5 Path Traversal via Process Center Export
Title source: llmDescription
Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1031379
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21692540
Patch, Vendor Advisory vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1JR51234
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/98518
Scores
EPSS
0.0211
EPSS Percentile
79.5%
Details
CWE
CWE-22
Status
published
Products (8)
ibm/business_process_manager
8.0.0.0
ibm/business_process_manager
8.0.1.0
ibm/business_process_manager
8.0.1.1
ibm/business_process_manager
8.0.1.2
ibm/business_process_manager
8.0.1.3
ibm/business_process_manager
8.5.0.0
ibm/business_process_manager
8.5.0.1
ibm/business_process_manager
8.5.5.0
Published
Dec 17, 2014
Tracked Since
Feb 18, 2026