Cross-Site Scripting Vulnerability in IBM Business Process Manager
CVE-2016-9731
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 1 February 2017
Summary
IBM Business Process Manager is susceptible to cross-site scripting vulnerabilities that enable attackers to inject malicious JavaScript code into the Web User Interface. This flaw could alter the normal behavior of the application and potentially allow for the disclosure of sensitive user credentials during trusted sessions, posing serious security risks for organizations that utilize this software.
Affected Version(s)
Business Process Manager Advanced 7.5
Business Process Manager Advanced 7.5.0.1
Business Process Manager Advanced 7.5.1
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved