CVE-2015-1904 Information

Description

IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 8.5.0 through 8.5.0.1 8.5.5 through 8.5.5.0 and 8.5.6 through 8.5.6.0 when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action.

Reference

http://www.securitytracker.com/id/1033159 http://www-01.ibm.com/support/docview.wss?uid=swg1JR53209 http://www-01.ibm.com/support/docview.wss?uid=swg21960293