IBM Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (BPM) – CVE-2017-1425
Sep 23, 2017 10:00 am EDT
Categorized: Medium Severity
IBM BPM reflects untrusted user input without fully removing HTML markup. This might allow an attacker to control parts of the user interface and possibly inject script.
CVE(s): CVE-2017-1425
Affected product(s) and affected version(s):
– IBM Business Process Manager V8.0.1.1
– IBM Business Process Manager V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06
Note that releases 8.0.1.2, 8.0.1.3, 8.5.5.0, and 8.5.6 (including cumulative fixes) are NOT affected.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2wO3B8M
X-Force Database: http://ift.tt/2xvWrtl
from IBM Product Security Incident Response Team http://ift.tt/2wNsD87