Cross-Site Scripting Vulnerability in IBM Business Process Manager
CVE-2017-1530

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Business Process Manager Advanced
Vendor
CVE Published:
26 September 2017

Summary

IBM Business Process Manager versions 7.5, 8.0, and 8.5 are susceptible to a cross-site scripting flaw that allows an attacker to inject arbitrary JavaScript code via the Web UI. This could lead to unauthorized actions being performed within a trusted user session, potentially resulting in the exposure of sensitive information such as user credentials. To mitigate this risk, ensure that the application is updated to the latest version and regularly review security practices.

Affected Version(s)

Business Process Manager Advanced 7.5

Business Process Manager Advanced 7.5.0.1

Business Process Manager Advanced 7.5.1

References

http://www.ibm.com/support/docview.wss?uid=swg22007351
x_refsource_CONFIRM
http://www.securityfocus.com/bid/100960
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/130409
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.