Home Unlabelled IBM Security Bulletin: Ineffective Cross Site Request Forgery (CSRF) protection in IBM Business Process Manager (BPM) (CVE-2017-1769)

IBM Security Bulletin: Ineffective Cross Site Request Forgery (CSRF) protection in IBM Business Process Manager (BPM) (CVE-2017-1769)

By
Tuesday, January 23, 2018
Read
Add Comment

The optional Cross Site Request Forgery (CSRF) protection feature using Referer header whitelisting is ineffective in IBM BPM V8.6.0.0. The check is effectively skipped.

CVE(s): CVE-2017-1769

Affected product(s) and affected version(s):

– IBM Business Process Manager V8.6.0.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22011579
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/136783

The post IBM Security Bulletin: Ineffective Cross Site Request Forgery (CSRF) protection in IBM Business Process Manager (BPM) (CVE-2017-1769) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2n2ORRc
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us