Vulnonym.com

CVE-2015-1904 - Fissiparous Verb

Description

IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 8.5.0 through 8.5.0.1 8.5.5 through 8.5.5.0 and 8.5.6 through 8.5.6.0 when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action.

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg1JR53209 http://www-01.ibm.com/support/docview.wss?uid=swg21960293 http://www.securitytracker.com/id/1033159