IBM Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (BPM) – CVE-2017-1425

IBM BPM reflects untrusted user input without fully removing HTML markup. This might allow an attacker to control parts of the user interface and possibly inject script.

CVE(s): CVE-2017-1425

Affected product(s) and affected version(s):

– IBM Business Process Manager V8.0.1.1

– IBM Business Process Manager V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06

Note that releases 8.0.1.2, 8.0.1.3, 8.5.5.0, and 8.5.6 (including cumulative fixes) are NOT affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2wO3B8M
X-Force Database: http://ift.tt/2xvWrtl



from IBM Product Security Incident Response Team http://ift.tt/2wNsD87