Jun 15, 2018 - 7:06 a.m.

Security Bulletin: Cross Site Scripting vulnerability in IBM Business Process Manager (CVE-2016-5901)

2018-06-15 07:06:17
www.ibm.com
5

EPSS

0.001

Percentile

40.1%

Summary

A test page that is vulnerable to cross-site scripting has been packaged with IBM Business Process Manager.

Vulnerability Details

CVEID: CVE-2016-5901
DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/115511> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

    • IBM Business Process Manager Advanced V8.5.6.0 - V8.5.7.0 prior to cumulative fix 2016.09

Remediation/Fixes

Install IBM Business Process Manager interim fix JR56391 as appropriate for your current IBM Business Process Manager version.

Workarounds and Mitigations

None
