
Security Bulletin: Cross-Site Scripting vulnerability affects IBM Business Process Manager Process Admin Console (CVE-2017-1530)

Published: 2018-06-15 07:07:59
Source: www.ibm.com

EPSS: 0.001 (Low), percentile 25.3%

Summary

IBM Business Process Manager (BPM) Process Admin Console is vulnerable to a persisted Cross-Site Scripting attack.

Vulnerability Details

CVEID: CVE-2017-1530
DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130409> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

- IBM Business Process Manager V7.5.0.0 through V7.5.1.2

- IBM Business Process Manager V8.0.0.0 through V8.0.1.3

- IBM Business Process Manager V8.5.0.0 through V8.5.0.2

- IBM Business Process Manager V8.5.5.0

- IBM Business Process Manager V8.5.6.0 through V8.5.6.0 CF2

- IBM Business Process Manager V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06

Remediation/Fixes

Install IBM BPM interim fix JR58292 as appropriate for your current version.

As IBM Business Process Manager V7.5 is out of general support, customers with a support extension contract can contact IBM support to request the fix.

For IBM BPM V8.5.7.0 through V8.5.7.0 CF 2017.06

  • Install CF 2017.06 and then apply iFix JR58292

For IBM BPM V8.5.6.0 through V8.5.6.0 CF2

  • Install CF2 as required by iFix and then apply iFix JR58292

For IBM BPM V8.5.5.0

  • Apply iFix JR58292

For IBM BPM V8.5.0.0 through V8.5.0.2

  • Install Fix Pack 2 as required by iFix and then apply iFix JR58292

For IBM BPM V8.0.0.0 through V8.0.1.3

  • Upgrade to minimal Refresh Pack 1, install Fix Pack 3 as required by iFix and then apply iFix JR58292

For IBM BPM V7.5.0.0 through V7.5.1.2

  • Upgrade to minimal Refresh Pack 1, install Fix Pack 2 as required by iFix and then apply iFix JR58292

Workarounds and Mitigations

None
