Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA8BE2235250B7D10ADFEB2ABD4A4B1F6F0E0928D65B9BD1F9D2F1CF5CD991209
HistoryJun 15, 2018 - 7:02 a.m.

Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (BPM) Process Center (CVE-2015-0101)

2018-06-1507:02:20
www.ibm.com
6

0.001 Low

EPSS

Percentile

30.7%

JSON

Summary

Insufficient user input validation in IBM Business Process Manager’s Process Center can lead to a cross-site scripting exposure.

Vulnerability Details

CVEID: CVE-2015-0101 **
DESCRIPTION:** IBM Business Process Manager Process Centeris vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99575&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

    • IBM Business Process Manager Standard V7.5.x, 8.0.x 8.5.x
  • IBM Business Process Manager Express V7.5.x, 8.0.x 8.5.x
  • IBM Business Process Manager Advanced V7.5.x, 8.0.x 8.5.x

Remediation/Fixes

Install the interim fix for APAR JR51926 as appropriate for your current IBM Business Process Manager version.

* [IBM Business Process Manager Express](&lt;http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Express&release=All&platform=All&function=aparId&apars=JR51926&gt;)
* [IBM Business Process Manager Standard](&lt;http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Standard&release=All&platform=All&function=aparId&apars=JR51926&gt;)
* [IBM Business Process Manager Advanced](&lt;http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Advanced&release=All&platform=All&function=aparId&apars=JR51926&gt;)

Workarounds and Mitigations

The attack requires a user to access a malicious URL that the attacker has constructed for this purpose. Advise your users not to click links of unknown or untrusted origins.

Related

prion 1
cve 1
cvelist 1
nvd 1
prion
prion
Cross site scripting
2017-08-28 15:29:00
cve
cve
CVE-2015-0101
2017-08-28 15:29:00
cvelist
cvelist
CVE-2015-0101
2017-08-28 15:00:00
nvd
nvd
CVE-2015-0101
2017-08-28 15:29:00

0.001 Low

EPSS

Percentile

30.7%

JSON
Related for A8BE2235250B7D10ADFEB2ABD4A4B1F6F0E0928D65B9BD1F9D2F1CF5CD991209
prion1cve1cvelist1nvd1