Cross-Site Scripting Vulnerability in IBM Business Process Manager
CVE-2017-1424

5.4 MEDIUM

Key Information:

Vendor
IBM
CVE Published:
25 September 2017

Summary

IBM Business Process Manager 8.5.7 contains a cross-site scripting vulnerability that allows an attacker to inject arbitrary JavaScript into the Web UI. Because the injected script runs within a trusted session, it can compromise the application's integrity and confidentiality, including potential disclosure of credentials. The flaw puts user data and system functionality at risk and should be remediated promptly.

Affected Version(s)

Business Process Manager Advanced 8.5.7

Business Process Manager Advanced 8.5.7.CF201609

Business Process Manager Advanced 8.5.7.CF201606

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
