Cross-Site Scripting Vulnerability in IBM Business Process Manager and WebSphere Lombardi Edition
CVE-2014-0957

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Application Server; Business Process Manager
Vendor: CVE Published:; 18 July 2014

Summary

A Cross-Site Scripting (XSS) vulnerability exists in IBM Business Process Manager versions 7.5 to 8.5.5 and WebSphere Lombardi Edition 7.2. Attackers can exploit this vulnerability by injecting arbitrary web scripts or HTML via specially crafted URLs. This manipulation can lead to service failures, allowing for unauthorized actions or data exposure to occur within the affected web applications.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1JR49990

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21679064

x_refsource_CONFIRM

http://secunia.com/advisories/59557

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jul 18, 2014
Vulnerability Reserved
Jan 6, 2014