What is the severity of CVE-2017-1756?

CVE-2017-1756 has a CVSS score of 5.0, indicating a medium severity level.

How do I fix CVE-2017-1756?

To fix CVE-2017-1756, it is recommended to apply the latest security patches provided by IBM for affected versions of IBM Business Process Manager.

Which versions of IBM Business Process Manager are affected by CVE-2017-1756?

CVE-2017-1756 affects IBM Business Process Manager versions 7.5.0.0, 7.5.0.1, 7.5.1.0, 7.5.1.1, 7.5.1.2, 8.0.0.0, 8.0.1.0, 8.0.1.1, 8.0.1.2, 8.0.1.3, 8.5.0.0 through 8.6.0.0.

What type of vulnerability is CVE-2017-1756?

CVE-2017-1756 is a local file include vulnerability that allows unauthorized users to access locally stored web pages.

Can CVE-2017-1756 lead to data leakage?

Yes, CVE-2017-1756 could potentially lead to data leakage as it allows other users on the system to read web pages stored locally.

Vulnerability/
CVE-2017-1756

medium

CWE

200

30/3/2018

17/9/2024

CVE-2017-1756: Infoleak

First published: Fri Mar 30 2018(Updated: )

IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Business Process Manager	=7.5.0.0
IBM Business Process Manager	=7.5.0.1
IBM Business Process Manager	=7.5.1.0
IBM Business Process Manager	=7.5.1.1
IBM Business Process Manager	=7.5.1.2
IBM Business Process Manager	=8.0.0.0
IBM Business Process Manager	=8.0.1.0
IBM Business Process Manager	=8.0.1.1
IBM Business Process Manager	=8.0.1.2
IBM Business Process Manager	=8.0.1.3
IBM Business Process Manager	=8.5.0.0
IBM Business Process Manager	=8.5.0.1
IBM Business Process Manager	=8.5.0.2
IBM Business Process Manager	=8.5.5.0
IBM Business Process Manager	=8.5.6.0
IBM Business Process Manager	=8.5.6.0-cf2
IBM Business Process Manager	=8.5.6.1
IBM Business Process Manager	=8.5.6.2
IBM Business Process Manager	=8.5.7.0
IBM Business Process Manager	=8.5.7.0-cf201606
IBM Business Process Manager	=8.5.7.0-cf201609
IBM Business Process Manager	=8.5.7.0-cf201612
IBM Business Process Manager	=8.5.7.0-cf201703
IBM Business Process Manager	=8.5.7.0-cf201706
IBM Business Process Manager	=7.5.0.0
IBM Business Process Manager	=7.5.0.1
IBM Business Process Manager	=7.5.1.0
IBM Business Process Manager	=7.5.1.1
IBM Business Process Manager	=7.5.1.2
IBM Business Process Manager	=8.0.0.0
IBM Business Process Manager	=8.0.1.0
IBM Business Process Manager	=8.0.1.1
IBM Business Process Manager	=8.0.1.2
IBM Business Process Manager	=8.0.1.3
IBM Business Process Manager	=8.5.0.0
IBM Business Process Manager	=8.5.0.1
IBM Business Process Manager	=8.5.0.2
IBM Business Process Manager	=8.5.5.0
IBM Business Process Manager	=8.5.6.0
IBM Business Process Manager	=8.5.6.0-cf2
IBM Business Process Manager	=8.5.6.1
IBM Business Process Manager	=8.5.6.2
IBM Business Process Manager	=8.5.7.0
IBM Business Process Manager	=8.5.7.0-cf201606
IBM Business Process Manager	=8.5.7.0-cf201609
IBM Business Process Manager	=8.5.7.0-cf201612
IBM Business Process Manager	=8.5.7.0-cf201703
IBM Business Process Manager	=8.5.7.0-cf201706
IBM Business Process Manager	=8.6.0.0
IBM Business Process Manager	=7.5.0.0
IBM Business Process Manager	=7.5.0.1
IBM Business Process Manager	=7.5.1.0
IBM Business Process Manager	=7.5.1.1
IBM Business Process Manager	=7.5.1.2
IBM Business Process Manager	=8.0.0.0
IBM Business Process Manager	=8.0.1.0
IBM Business Process Manager	=8.0.1.1
IBM Business Process Manager	=8.0.1.2
IBM Business Process Manager	=8.0.1.3
IBM Business Process Manager	=8.5.0.0
IBM Business Process Manager	=8.5.0.1
IBM Business Process Manager	=8.5.0.2
IBM Business Process Manager	=8.5.5.0
IBM Business Process Manager	=8.5.6.0
IBM Business Process Manager	=8.5.6.0-cf2
IBM Business Process Manager	=8.5.6.1
IBM Business Process Manager	=8.5.6.2
IBM Business Process Manager	=8.5.7.0
IBM Business Process Manager	=8.5.7.0-cf201606
IBM Business Process Manager	=8.5.7.0-cf201609
IBM Business Process Manager	=8.5.7.0-cf201612
IBM Business Process Manager	=8.5.7.0-cf201703
IBM Business Process Manager	=8.5.7.0-cf201706
Ibm Business Process Manager Enterprise Service Bus	=8.6.0.0
IBM WebSphere	=7.2.0.0
IBM WebSphere	=7.2.0.1
IBM WebSphere	=7.2.0.2
IBM WebSphere	=7.2.0.3
IBM WebSphere	=7.2.0.4
IBM WebSphere	=7.2.0.5

Remedy

http://www.ibm.com/support/docview.wss?uid=swg22010796

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1756?
CVE-2017-1756 has a CVSS score of 5.0, indicating a medium severity level.
How do I fix CVE-2017-1756?
To fix CVE-2017-1756, it is recommended to apply the latest security patches provided by IBM for affected versions of IBM Business Process Manager.
Which versions of IBM Business Process Manager are affected by CVE-2017-1756?
CVE-2017-1756 affects IBM Business Process Manager versions 7.5.0.0, 7.5.0.1, 7.5.1.0, 7.5.1.1, 7.5.1.2, 8.0.0.0, 8.0.1.0, 8.0.1.1, 8.0.1.2, 8.0.1.3, 8.5.0.0 through 8.6.0.0.
What type of vulnerability is CVE-2017-1756?
CVE-2017-1756 is a local file include vulnerability that allows unauthorized users to access locally stored web pages.
Can CVE-2017-1756 lead to data leakage?
Yes, CVE-2017-1756 could potentially lead to data leakage as it allows other users on the system to read web pages stored locally.

collector/nvd-index
agent/type
agent/softwarecombine
agent/remedy
agent/weakness
agent/references
agent/severity
agent/author
agent/tags
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
vendor/ibm
canonical/ibm business process manager
version/ibm business process manager/7.5.0.0
version/ibm business process manager/7.5.0.1
version/ibm business process manager/7.5.1.0
version/ibm business process manager/7.5.1.1
version/ibm business process manager/7.5.1.2
version/ibm business process manager/8.0.0.0
version/ibm business process manager/8.0.1.0
version/ibm business process manager/8.0.1.1
version/ibm business process manager/8.0.1.2
version/ibm business process manager/8.0.1.3
version/ibm business process manager/8.5.0.0
version/ibm business process manager/8.5.0.1
version/ibm business process manager/8.5.0.2
version/ibm business process manager/8.5.5.0
version/ibm business process manager/8.5.6.0
version/ibm business process manager/8.5.6.0-cf2
version/ibm business process manager/8.5.6.1
version/ibm business process manager/8.5.6.2
version/ibm business process manager/8.5.7.0
version/ibm business process manager/8.5.7.0-cf201606
version/ibm business process manager/8.5.7.0-cf201609
version/ibm business process manager/8.5.7.0-cf201612
version/ibm business process manager/8.5.7.0-cf201703
version/ibm business process manager/8.5.7.0-cf201706
version/ibm business process manager/8.6.0.0
canonical/ibm business process manager enterprise service bus
version/ibm business process manager enterprise service bus/8.6.0.0
canonical/ibm websphere
version/ibm websphere/7.2.0.0
version/ibm websphere/7.2.0.1
version/ibm websphere/7.2.0.2
version/ibm websphere/7.2.0.3
version/ibm websphere/7.2.0.4
version/ibm websphere/7.2.0.5

CVE-2017-1756: Infoleak

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1756?

How do I fix CVE-2017-1756?

Which versions of IBM Business Process Manager are affected by CVE-2017-1756?

What type of vulnerability is CVE-2017-1756?

Can CVE-2017-1756 lead to data leakage?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2017-1756?

How do I fix CVE-2017-1756?

Which versions of IBM Business Process Manager are affected by CVE-2017-1756?

What type of vulnerability is CVE-2017-1756?

Can CVE-2017-1756 lead to data leakage?