CVE-2014-4759

medium

Description

An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/94486

http://www-01.ibm.com/support/docview.wss?uid=swg21680809

http://www-01.ibm.com/support/docview.wss?uid=swg1JR50871

Details

Source: Mitre, NVD

Published: 2014-09-04

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00179