2 matches found
Security Bulletin: Insufficient control over MIME types in Business Process Manager (BPM) and WebSphere Lombardi Edition document feature (CVE-2014-3075)
Summary You cannot restrict file uploads by MIME type in a document list coach view. As a result, potentially malicious files, such as HTML that contains embedded JavaScript can be uploaded and run in the browser. Vulnerability Details CVE ID: CVE-2014-3075 DESCRIPTION: IBM BPM document managemen...
CVE-2014-3075
Cross-site scripting XSS vulnerability in IBM Business Process Manager BPM 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file...