Cross-Site Scripting Vulnerability in IBM Business Process Manager
CVE-2017-1531

5.4MEDIUM

Key Information:

Vendor
IBM
Status
Business Process Manager Advanced
Vendor
CVE Published:
26 September 2017

Summary

IBM Business Process Manager, versions 7.5, 8.0, and 8.5, is susceptible to a cross-site scripting issue that permits malicious actors to inject arbitrary JavaScript code into the web interface. This flaw can significantly compromise user sessions, allowing attackers to manipulate the UI and potentially expose user credentials. The vulnerability highlights the need for robust input validation and output encoding practices to safeguard against such exploits.

Affected Version(s)

Business Process Manager Advanced 7.5

Business Process Manager Advanced 7.5.0.1

Business Process Manager Advanced 7.5.1

References

http://www.securityfocus.com/bid/100963
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/130410
x_refsource_MISC
http://www.ibm.com/support/docview.wss?uid=swg22007354
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.