IBM Business Process Manager 8.5.7 Web UI cross site scripting

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in IBM Business Process Manager 8.5.7 (Business Process Management Software) and classified as problematic. Affected by this issue is an unknown function of the component Web UI. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field11/19/2019 03:20 PM01/14/2021 12:47 PM01/14/2021 12:50 PM
typeBusiness Process Management SoftwareBusiness Process Management SoftwareBusiness Process Management Software
vendorIBMIBMIBM
nameBusiness Process ManagerBusiness Process ManagerBusiness Process Manager
version8.5.78.5.78.5.7
componentWeb UIWeb UIWeb UI
cwe79 (cross site scripting)79 (cross site scripting)79 (cross site scripting)
risk111
cvss2_vuldb_basescore3.53.53.5
cvss2_vuldb_tempscore3.53.53.5
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auSSS
cvss2_vuldb_ciNNN
cvss2_vuldb_iiPPP
cvss2_vuldb_aiNNN
cvss2_nvd_avNNN
cvss2_nvd_acMMM
cvss2_nvd_auSSS
cvss2_nvd_ciNNN
cvss2_nvd_iiPPP
cvss2_nvd_aiNNN
cvss3_meta_basescore4.44.44.4
cvss3_meta_tempscore4.44.44.4
cvss3_vuldb_basescore3.53.53.5
cvss3_vuldb_tempscore3.53.53.5
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iLLL
cvss3_vuldb_aNNN
cvss3_nvd_avNNN
cvss3_nvd_acLLL
cvss3_nvd_prLLL
cvss3_nvd_uiRRR
cvss3_nvd_sCCC
cvss3_nvd_cLLL
cvss3_nvd_iLLL
cvss3_nvd_aNNN
date1506297600 (09/25/2017)1506297600 (09/25/2017)1506297600 (09/25/2017)
urlhttp://www.ibm.com/support/docview.wss?uid=swg22005112http://www.ibm.com/support/docview.wss?uid=swg22005112http://www.ibm.com/support/docview.wss?uid=swg22005112
price_0day$0-$5k$0-$5k$0-$5k
price_trend+++
cveCVE-2017-1424CVE-2017-1424CVE-2017-1424
cve_assigned148046400014804640001480464000
cve_nvd_published150629760015062976001506297600
cve_nvd_summaryIBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477.IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477.IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477.
securityfocus100962100962100962
securityfocus_titleIBM Business Process Manager CVE-2017-1424 HTML Injection VulnerabilityIBM Business Process Manager CVE-2017-1424 HTML Injection VulnerabilityIBM Business Process Manager CVE-2017-1424 HTML Injection Vulnerability
qualys_id370682370682370682
qualys_titleIBM Business Process Manager Cross-Site Scripting Vulnerability (swg22005112)IBM Business Process Manager Cross-Site Scripting Vulnerability (swg22005112)IBM Business Process Manager Cross-Site Scripting Vulnerability (swg22005112)
seealso107111107111107111
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss3_vuldb_rcXXX
0day_days333
cvss3_nvd_basescore5.45.45.4
discoverydate150603840015060384001506038400
confirm_urlhttp://www.ibm.com/support/docview.wss?uid=swg22005112http://www.ibm.com/support/docview.wss?uid=swg22005112http://www.ibm.com/support/docview.wss?uid=swg22005112
securityfocus_date1506038400 (09/22/2017)1506038400 (09/22/2017)1506038400 (09/22/2017)
securityfocus_classInput Validation ErrorInput Validation ErrorInput Validation Error
xforce127477127477
cvss2_nvd_basescore3.53.5
person_nameIBM

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!