Cross-Site Scripting Vulnerability in IBM Business Process Manager
CVE-2017-1424
5.4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 25 September 2017
Summary
IBM Business Process Manager 8.5.7 contains a cross-site scripting vulnerability that allows attackers to inject arbitrary JavaScript code into the Web UI. This security flaw can significantly compromise the application's integrity and confidentiality by enabling potential credential disclosure within trusted sessions. Such vulnerabilities pose a serious risk to user data and system functionality, emphasizing the need for prompt remediation.
Affected Version(s)
Business Process Manager Advanced 8.5.7
Business Process Manager Advanced 8.5.7.CF201609
Business Process Manager Advanced 8.5.7.CF201606
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved