VYPR
Get started
← All advisories
High severity8.8NVD Advisory· Published Sep 26, 2017· Updated May 13, 2026

CVE-2017-1539

CVE-2017-1539

Description

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807.

Affected products

73
  • IBM/Business Process Manager72 versions
    cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:*:*:*:*+ 71 more
    • cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:advanced:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:express:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:standard:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:advanced:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:express:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:standard:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:advanced:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:express:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:standard:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:advanced:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:express:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:standard:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:advanced:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:express:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:standard:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:advanced:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:express:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:standard:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:advanced:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:express:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:standard:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:express:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:standard:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:express:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:standard:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:express:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:standard:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:advanced:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:express:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:standard:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:express:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:standard:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:advanced:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:express:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:standard:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:advanced:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:express:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:standard:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:advanced:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:express:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:standard:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:advanced:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:express:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:standard:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:advanced:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:express:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:standard:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:advanced:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:express:*:*:*
    • cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:standard:*:*:*
  • IBM/Business Process Manager Advancedv5
    Range: 7.5

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.