IBM Security Bulletin: JavaScript evaluation vulnerability in IBM Business Process Manager (CVE-2015-1961)

Due to insufficient validation of input parameters and the failure to honor a configuration setting, authenticated users can send JavaScript for execution on the server side. CVE(s):   CVE-2015-1961 Affected product(s) and...

from IBM Product Security Incident Response Team http://ift.tt/1U7UJm1