Security Bulletin: Ineffective Cross Site Request Forgery (CSRF) protection in IBM Business Process Manager (BPM) (CVE-2017-1769)
Summary: The optional Cross-Site Request Forgery (CSRF) protection feature using Referer header allow listing is ineffective in IBM BPM V8.6.0.0. The check is effectively skipped.
Vulnerability Details: CVEID: CVE-2017-1769. DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site request...
CVE-2017-1769
IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783...