Jun 15, 2018 - 7:02 a.m.

Security Bulletin: Persistent cross-site scripting vulnerabilities in IBM Business Process Manager (BPM) Process Portal (CVE-2015-0103)

2018-06-15 07:02:21
Source: www.ibm.com
EPSS: 0.001 (percentile: 27.4%)

Summary

IBM Business Process Manager is vulnerable to persistent cross-site scripting due to insufficient validation of user input retrieved from the database. An authenticated malicious user can inject script in data fields. This script might be executed by other users when displaying this data.

Vulnerability Details

CVEID: CVE-2015-0103
DESCRIPTION: IBM Business Process Manager is vulnerable to persistent cross-site scripting due to insufficient validation of user input retrieved from the database. An authenticated malicious user can inject script in data fields. This script might be executed by other users when displaying this data.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99581> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Affected Products and Versions

  • IBM Business Process Manager Standard V8.0.x, 8.5.x
  • IBM Business Process Manager Express V8.0.x, 8.5.x
  • IBM Business Process Manager Advanced V8.0.x, 8.5.x

Remediation/Fixes

Install the interim fix for APAR JR50457 as appropriate for your current IBM Business Process Manager.

Workarounds and Mitigations

None
