File Download Vulnerability in IBM Business Process Manager Products
CVE-2016-9693

6.1MEDIUM

Key Information:

Vendor: IBM
Status: Business Process Manager Advanced
Vendor: CVE Published:; 7 March 2017

Summary

IBM Business Process Manager versions 7.5, 8.0, and 8.5 exhibit a vulnerability in their file download feature that hackers may exploit. This flaw allows an unauthenticated user to potentially download malicious files, bypassing existing file type restrictions. Such vulnerabilities can lead to the execution of harmful code on the victim's machine, compromising security and integrity. It is crucial for users and administrators to stay informed and apply necessary security patches to mitigate risks associated with this vulnerability.

Affected Version(s)

Business Process Manager Advanced 7.5

Business Process Manager Advanced 7.5.0.1

Business Process Manager Advanced 7.5.1

References

http://www.securityfocus.com/bid/98074

vdb-entryx_refsource_BID

https://www.ibm.com/support/docview.wss?uid=swg21998655

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 7, 2017
Vulnerability Reserved
Dec 1, 2016