Cross-Site Scripting Vulnerability in IBM Business Process Manager
CVE-2017-1767
5.4MEDIUM
Summary
IBM Business Process Manager 8.6 is susceptible to a cross-site scripting vulnerability that permits users to introduce arbitrary JavaScript code into the Web UI. This capability can undermine the intended functionality of the application, potentially leading to the disclosure of sensitive information, including user credentials, during trusted sessions. The vulnerability poses risks by enabling attackers to manipulate website behavior or retrieve private data.
Affected Version(s)
Business Process Manager 8.6
Business Process Manager 8.6.0.CF201712
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved