How severe is CVE-2017-1539?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in Ibm Business_process_manager

CVE-2017-1539

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain…

EPSS: 0.006 (69.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Ibm Business_process_manager — versions 7.5.0.0, 7.5.0.1, 7.5.1.0
Ibm Business Process Manager Advanced — versions 8.5.0.1, 8.5.7.CF201703, 7.5

References

psirt@us.ibm.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
psirt@us.ibm.com (VDB Entry, x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2017-1539?: CVE-2017-1539 is a high-severity vulnerability in Ibm Business_process_manager. CVSS score: 8.8/10. Published 2017-09-26.
How severe is CVE-2017-1539?: High severity. CVSS v3 base score is 8.8 out of 10.