CVE-2014-6182

IBM Business Process Manager 8.0.x-8.0.1.3 & 8.5.x-8.5.5 Path Traversal via Process Center Export

Title source: llm

Description

Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031379
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21692540
Patch, Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1JR51234
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/98518

Scores

EPSS 0.0211
EPSS Percentile 79.5%

Details

CWE
CWE-22
Status published
Products (8)
ibm/business_process_manager 8.0.0.0
ibm/business_process_manager 8.0.1.0
ibm/business_process_manager 8.0.1.1
ibm/business_process_manager 8.0.1.2
ibm/business_process_manager 8.0.1.3
ibm/business_process_manager 8.5.0.0
ibm/business_process_manager 8.5.0.1
ibm/business_process_manager 8.5.5.0
Published Dec 17, 2014
Tracked Since Feb 18, 2026