IBM Business Process Manager 8.0.1.1/8.5.7 Web UI cross site scripting

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in IBM Business Process Manager 8.0.1.1/8.5.7 (Business Process Management Software) and classified as problematic. This issue affects an unknown part of the component Web UI. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field11/19/2019 08:03 PM01/14/2021 02:24 PM01/14/2021 02:26 PM
typeBusiness Process Management SoftwareBusiness Process Management SoftwareBusiness Process Management Software
vendorIBMIBMIBM
nameBusiness Process ManagerBusiness Process ManagerBusiness Process Manager
version8.0.1.1/8.5.78.0.1.1/8.5.78.0.1.1/8.5.7
componentWeb UIWeb UIWeb UI
cwe79 (cross site scripting)79 (cross site scripting)79 (cross site scripting)
risk111
cvss2_vuldb_basescore3.53.53.5
cvss2_vuldb_tempscore3.53.53.5
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auSSS
cvss2_vuldb_ciNNN
cvss2_vuldb_iiPPP
cvss2_vuldb_aiNNN
cvss2_nvd_avNNN
cvss2_nvd_acMMM
cvss2_nvd_auSSS
cvss2_nvd_ciNNN
cvss2_nvd_iiPPP
cvss2_nvd_aiNNN
cvss3_meta_basescore4.44.44.4
cvss3_meta_tempscore4.44.44.4
cvss3_vuldb_basescore3.53.53.5
cvss3_vuldb_tempscore3.53.53.5
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iLLL
cvss3_vuldb_aNNN
cvss3_nvd_avNNN
cvss3_nvd_acLLL
cvss3_nvd_prLLL
cvss3_nvd_uiRRR
cvss3_nvd_sCCC
cvss3_nvd_cLLL
cvss3_nvd_iLLL
cvss3_nvd_aNNN
date1506384000 (09/26/2017)1506384000 (09/26/2017)1506384000 (09/26/2017)
urlhttp://www.ibm.com/support/docview.wss?uid=swg22006265http://www.ibm.com/support/docview.wss?uid=swg22006265http://www.ibm.com/support/docview.wss?uid=swg22006265
price_0day$0-$5k$0-$5k$0-$5k
price_trend+++
cveCVE-2017-1425CVE-2017-1425CVE-2017-1425
cve_assigned148046400014804640001480464000
cve_nvd_published150638400015063840001506384000
cve_nvd_summaryIBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127478.IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127478.IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127478.
securityfocus100961100961100961
securityfocus_titleIBM Business Process Manager CVE-2017-1425 Cross Site Scripting VulnerabilityIBM Business Process Manager CVE-2017-1425 Cross Site Scripting VulnerabilityIBM Business Process Manager CVE-2017-1425 Cross Site Scripting Vulnerability
qualys_id370608370608370608
qualys_titleIBM Business Process Manager Cross-site Scripting vulnerability (swg22006265)IBM Business Process Manager Cross-site Scripting vulnerability (swg22006265)IBM Business Process Manager Cross-site Scripting vulnerability (swg22006265)
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss3_vuldb_rcXXX
0day_days444
cvss3_nvd_basescore5.45.45.4
discoverydate150603840015060384001506038400
confirm_urlhttp://www.ibm.com/support/docview.wss?uid=swg22006265http://www.ibm.com/support/docview.wss?uid=swg22006265http://www.ibm.com/support/docview.wss?uid=swg22006265
securityfocus_date1506038400 (09/22/2017)1506038400 (09/22/2017)1506038400 (09/22/2017)
securityfocus_classInput Validation ErrorInput Validation ErrorInput Validation Error
xforce127478127478
cvss2_nvd_basescore3.53.5
person_nameNalla Muthu S/Prasath K

Might our Artificial Intelligence support you?

Check our Alexa App!