2 matches found
Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (CVE-2017-1767)
Summary Cross-site scripting vulnerability in an instance user interface affects IBM Business Process Manager. Vulnerability Details CVEID: CVE-2017-1767 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript...
Design/Logic Flaw
The REST API in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors...