XSS Vulnerability in IBM Business Process Manager and WebSphere Lombardi Edition
CVE-2014-3075

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Application Server; Business Process Manager
Vendor: CVE Published:; 4 September 2014

What is CVE-2014-3075?

A Cross-site Scripting (XSS) vulnerability exists in IBM Business Process Manager versions 7.5.x to 8.5.5 and WebSphere Lombardi Edition version 7.2.0.x. This security flaw allows an attacker who is a remote authenticated user to upload malicious files, potentially injecting arbitrary web scripts or HTML into compromised applications. This vulnerability may enable attackers to execute harmful scripts in the context of other users, leading to unauthorized data access and manipulation across affected systems.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/93817

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21679979

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1JR50092

vendor-advisoryx_refsource_AIXAPAR

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2014
Vulnerability Reserved
Apr 29, 2014