IBM Business Process Manager 8.0.1.1/8.5.7 Web UI cross site scripting

A vulnerability was found in IBM Business Process Manager 8.0.1.1/8.5.7 (Business Process Management Software) and classified as problematic. This issue affects an unknown part of the component Web UI. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field	11/19/2019 08:03 PM	01/14/2021 02:24 PM	01/14/2021 02:26 PM
type	Business Process Management Software	Business Process Management Software	Business Process Management Software
vendor	IBM	IBM	IBM
name	Business Process Manager	Business Process Manager	Business Process Manager
version	8.0.1.1/8.5.7	8.0.1.1/8.5.7	8.0.1.1/8.5.7
component	Web UI	Web UI	Web UI
cwe	79 (cross site scripting)	79 (cross site scripting)	79 (cross site scripting)
risk	1	1	1
cvss2_vuldb_basescore	3.5	3.5	3.5
cvss2_vuldb_tempscore	3.5	3.5	3.5
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	S	S	S
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_nvd_av	N	N	N
cvss2_nvd_ac	M	M	M
cvss2_nvd_au	S	S	S
cvss2_nvd_ci	N	N	N
cvss2_nvd_ii	P	P	P
cvss2_nvd_ai	N	N	N
cvss3_meta_basescore	4.4	4.4	4.4
cvss3_meta_tempscore	4.4	4.4	4.4
cvss3_vuldb_basescore	3.5	3.5	3.5
cvss3_vuldb_tempscore	3.5	3.5	3.5
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_nvd_av	N	N	N
cvss3_nvd_ac	L	L	L
cvss3_nvd_pr	L	L	L
cvss3_nvd_ui	R	R	R
cvss3_nvd_s	C	C	C
cvss3_nvd_c	L	L	L
cvss3_nvd_i	L	L	L
cvss3_nvd_a	N	N	N
date	1506384000 (09/26/2017)	1506384000 (09/26/2017)	1506384000 (09/26/2017)
url	http://www.ibm.com/support/docview.wss?uid=swg22006265	http://www.ibm.com/support/docview.wss?uid=swg22006265	http://www.ibm.com/support/docview.wss?uid=swg22006265
price_0day	$0-$5k	$0-$5k	$0-$5k
price_trend	+	+	+
cve	CVE-2017-1425	CVE-2017-1425	CVE-2017-1425
cve_assigned	1480464000	1480464000	1480464000
cve_nvd_published	1506384000	1506384000	1506384000
cve_nvd_summary	IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127478.	IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127478.	IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127478.
securityfocus	100961	100961	100961
securityfocus_title	IBM Business Process Manager CVE-2017-1425 Cross Site Scripting Vulnerability	IBM Business Process Manager CVE-2017-1425 Cross Site Scripting Vulnerability	IBM Business Process Manager CVE-2017-1425 Cross Site Scripting Vulnerability
qualys_id	370608	370608	370608
qualys_title	IBM Business Process Manager Cross-site Scripting vulnerability (swg22006265)	IBM Business Process Manager Cross-site Scripting vulnerability (swg22006265)	IBM Business Process Manager Cross-site Scripting vulnerability (swg22006265)
location	Website	Website	Website
cvss2_vuldb_e	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND
cvss2_vuldb_rc	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_vuldb_rl	X	X	X
cvss3_vuldb_rc	X	X	X
0day_days	4	4	4
cvss3_nvd_basescore	5.4	5.4	5.4
discoverydate	1506038400	1506038400	1506038400
confirm_url	http://www.ibm.com/support/docview.wss?uid=swg22006265	http://www.ibm.com/support/docview.wss?uid=swg22006265	http://www.ibm.com/support/docview.wss?uid=swg22006265
securityfocus_date	1506038400 (09/22/2017)	1506038400 (09/22/2017)	1506038400 (09/22/2017)
securityfocus_class	Input Validation Error	Input Validation Error	Input Validation Error
xforce		127478	127478
cvss2_nvd_basescore		3.5	3.5
person_name			Nalla Muthu S/Prasath K

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!