CVE-2014-4759 Information

Description

An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results.

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg1JR50871 http://www-01.ibm.com/support/docview.wss?uid=swg21680809 https://exchange.xforce.ibmcloud.com/vulnerabilities/94486