2 matches found
Security Bulletin: Injection vulnerabilities in WebSphere Lombardi Edition and IBM Business Process Manager (BPM) (CVE-2014-3087)
Summary Service inputs can be passed into callService.do as URL parameters in an XML format. Because of insufficient input validation, XML injection attacks are possible. Vulnerability Details CVE ID: CVE-2014-3087 DESCRIPTION: IBM WebSphere Lombardi Edition and IBM Business Process Manager might...
CVE-2014-3087
IBM BPM and WebSphere Lombardi Edition are affected by CVE-2014-3087 due to an XXE flaw in callService.do that allows remote authenticated users to read arbitrary files through crafted XML data. Affected: IBM BPM Express/Standard/Advanced 7.5.x, 8.0.x, 8.5.0, 8.5.5; WebSphere Lombardi Edition 7.2...