What is CVE-2016-0349?

CVE-2016-0349 is a medium-severity vulnerability in Ibm Business_process_manager, classified under Improper Access Control. CVSS score: 6.5/10. Published 2016-06-30.

How severe is CVE-2016-0349?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Ibm Business_process_manager

CVE-2016-0349

IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call.

EPSS: 0.001 (28.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.

Affected products

Ibm Business_process_manager — versions 8.5.6.0, 8.5.7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

1036185 (vdb-entry, x_refsource_SECTRACK)
JR55701 (vendor-advisory, x_refsource_AIXAPAR, Vendor Advisory)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2016-0349?: CVE-2016-0349 is a medium-severity vulnerability in Ibm Business_process_manager, classified under Improper Access Control. CVSS score: 6.5/10. Published 2016-06-30.
How severe is CVE-2016-0349?: Medium severity. CVSS v3 base score is 6.5 out of 10.