Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMBC8F0E92DB12D1A148453FE3290651DD28AD334CC5A41BF8529E1C89B6F2C139
HistoryJun 15, 2018 - 7:02 a.m.

Security Bulletin: Cross-site scripting vulnerabilities in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) error handling (CVE-2015-0193)

2018-06-1507:02:36
www.ibm.com
4

EPSS

0.001

Percentile

27.4%

JSON

Summary

IBM Business Proccess Manager is vulnerable to cross-site scripting, caused by improper neutralization of user-supplied input in some error situations. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Vulnerability Details

CVEID: CVE-2015-0193**
DESCRIPTION:** IBM Business Proccess Manager is vulnerable to cross-site scripting, caused by improper neutralization of user-supplied input in some error situations. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 3.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101009&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Affected Products and Versions

    • IBM Business Process Manager Standard V7.5.x.x through 8.5.5.0
  • IBM Business Process Manager Express V7.5.x.x through 8.5.5.0
  • IBM Business Process Manager Advanced V7.5.x.x through 8.5.5.0
  • WebSphere Lombardi Edition 7.2

If you are using an older unsupported version, IBM strongly recommends to upgrade.

Remediation/Fixes

Install the interim fix for APAR JR52626 as appropriate for your current IBM Business Process Manager or WebSphere Lombardi Edition version.

Workarounds and Mitigations

As a pre-caution, advise users not to click links in email.

Related

prion 1
nvd 1
cvelist 1
cve 1
ibm 1
prion
prion
Cross site scripting
2015-05-30 19:59:00
nvd
nvd
CVE-2015-0193
2015-05-30 19:59:01
cvelist
cvelist
CVE-2015-0193
2015-05-30 19:00:00
cve
cve
CVE-2015-0193
2015-05-30 19:59:01
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Business Process Manager shipped with IBM Cloud Orchestrator and IBM SmartCloud Orchestrator
2018-06-17 22:30:51

EPSS

0.001

Percentile

27.4%

JSON
Related for BC8F0E92DB12D1A148453FE3290651DD28AD334CC5A41BF8529E1C89B6F2C139
prion1nvd1cvelist1cve1ibm1