Home Unlabelled IBM Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (BPM) – CVE-2017-1425

IBM Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (BPM) – CVE-2017-1425

By
Saturday, September 23, 2017
Read
Add Comment

Sep 23, 2017 10:00 am EDT

Categorized: Medium Severity

Share this post:

IBM BPM reflects untrusted user input without fully removing HTML markup. This might allow controlling parts of the user interface, possibly script injection.

CVE(s): CVE-2017-1425

Affected product(s) and affected version(s):

– IBM Business Process Manager V8.0.1.1

– IBM Business Process Manager V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06

Note that release 8.0.1.2, 8.0.1.3, 8.5.5.0, and 8.5.6 (including cumulative fixes) are NOT affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2wO3B8M
X-Force Database: http://ift.tt/2xvWrtl



from IBM Product Security Incident Response Team http://ift.tt/2wNsD87
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us