CVE-2017-1539

Description

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807.

Risk Information

Base Score

8.8

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.596

Associated Vulnerability

Vulnerability	OS Platform
Update for Google Chrome (62.0.3202.62)	Windows
Update for Google Chrome x64 (62.0.3202.62)	Windows
Update for Google Chrome (62.0.3202.75)	Windows
Update for Google Chrome x64 (62.0.3202.75)	Windows
Update for Google Chrome (62.0.3202.89)	Windows
Update for Google Chrome x64 (62.0.3202.89)	Windows
Update for Google Chrome (62.0.3202.62) (For Ubuntu)	Linux
Update for Google Chrome (62.0.3202.75) (For Ubuntu)	Linux
Update for Google Chrome (62.0.3202.89) (For Ubuntu)	Linux
Update for Google Chrome (62.0.3202.62) (For Debian)	Linux
Update for Google Chrome (62.0.3202.75) (For Debian)	Linux
Update for Google Chrome (62.0.3202.89) (For Debian)	Linux
Update for Google Chrome (62.0.3202.62) (For Centos)	Linux
Update for Google Chrome (62.0.3202.75) (For Centos)	Linux
Update for Google Chrome (62.0.3202.89) (For Centos)	Linux
Update for Google Chrome (62.0.3202.62) (For RedHat)	Linux
Update for Google Chrome (62.0.3202.75) (For RedHat)	Linux
Update for Google Chrome (62.0.3202.89) (For RedHat)	Linux
Update for Google Chrome (62.0.3202.62) (For Suse)	Linux
Update for Google Chrome (62.0.3202.75) (For Suse)	Linux
Update for Google Chrome (62.0.3202.89) (For Suse)	Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-306542	Update for Google Chrome (62.0.3202.62)
PATCH-306543	Update for Google Chrome x64 (62.0.3202.62)
PATCH-306583	Update for Google Chrome (62.0.3202.75)
PATCH-306584	Update for Google Chrome x64 (62.0.3202.75)
PATCH-306633	Update for Google Chrome (62.0.3202.89)
PATCH-306634	Update for Google Chrome x64 (62.0.3202.89)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234