3 matches found
Security Bulletin: JavaScript evaluation vulnerability in IBM Business Process Manager (CVE-2015-1961)
Summary Due to insufficient validation of input parameters and the failure to honor a configuration setting, authenticated users can send JavaScript for execution on the server side. Vulnerability Details CVEID: CVE-2015-1961 DESCRIPTION: IBM Business Process Manager could allow a remote...
CVE-2015-1961
The REST API in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via a...
CVE-2015-1961
Summary: CVE-2015-1961 affects IBM Business Process Manager (BPM) versions 7.5.1–7.5.1.2, 8.0.x–8.0.1.3, 8.5.0–8.5.0.1, 8.5.5–8.5.5.0, and 8.5.6–8.5.6.0. The issue arises from insufficient input validation and a misapplied configuration setting in a BPM REST API variant, allowing remote authentic...