CVE-2014-3075

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Application Server; Business Process Manager
Vendor: CVE Published:; 4 September 2014

Summary

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/93817

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21679979

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1JR50092

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Sep 4, 2014
Vulnerability Reserved
Apr 29, 2014