IBM Business Process Manager 7.5/8.0/8.5 Web UI cross site scripting

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in IBM Business Process Manager 7.5/8.0/8.5 (Business Process Management Software). It has been classified as problematic. This affects some unknown processing of the component Web UI. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field11/20/2019 08:10 AM01/14/2021 03:01 PM01/14/2021 03:05 PM
0day_days444
cvss3_nvd_basescore5.45.45.4
typeBusiness Process Management SoftwareBusiness Process Management SoftwareBusiness Process Management Software
vendorIBMIBMIBM
nameBusiness Process ManagerBusiness Process ManagerBusiness Process Manager
version7.5/8.0/8.57.5/8.0/8.57.5/8.0/8.5
componentWeb UIWeb UIWeb UI
cwe79 (cross site scripting)79 (cross site scripting)79 (cross site scripting)
risk111
cvss2_vuldb_basescore3.53.53.5
cvss2_vuldb_tempscore3.53.53.5
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_auSSS
cvss2_vuldb_ciNNN
cvss2_vuldb_iiPPP
cvss2_vuldb_aiNNN
cvss2_nvd_avNNN
cvss2_nvd_acMMM
cvss2_nvd_auSSS
cvss2_nvd_ciNNN
cvss2_nvd_iiPPP
cvss2_nvd_aiNNN
cvss3_meta_basescore4.44.44.4
cvss3_meta_tempscore4.44.44.4
cvss3_vuldb_basescore3.53.53.5
cvss3_vuldb_tempscore3.53.53.5
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cNNN
cvss3_vuldb_iLLL
cvss3_vuldb_aNNN
cvss3_nvd_avNNN
cvss3_nvd_acLLL
cvss3_nvd_prLLL
cvss3_nvd_uiRRR
cvss3_nvd_sCCC
cvss3_nvd_cLLL
cvss3_nvd_iLLL
cvss3_nvd_aNNN
date1506384000 (09/26/2017)1506384000 (09/26/2017)1506384000 (09/26/2017)
urlhttp://www.ibm.com/support/docview.wss?uid=swg22007354http://www.ibm.com/support/docview.wss?uid=swg22007354http://www.ibm.com/support/docview.wss?uid=swg22007354
price_0day$0-$5k$0-$5k$0-$5k
price_trend+++
cveCVE-2017-1531CVE-2017-1531CVE-2017-1531
cve_assigned148046400014804640001480464000
cve_nvd_published150638400015063840001506384000
cve_nvd_summaryIBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410.IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410.IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410.
securityfocus100963100963100963
securityfocus_titleIBM Business Process Manager CVE-2017-1531 HTML Injection VulnerabilityIBM Business Process Manager CVE-2017-1531 HTML Injection VulnerabilityIBM Business Process Manager CVE-2017-1531 HTML Injection Vulnerability
qualys_id370609370609370609
qualys_titleIBM Business Process Manager Cross-Site Scripting multiple vulnerabilities (swg22007351 and swg22007354)IBM Business Process Manager Cross-Site Scripting multiple vulnerabilities (swg22007351 and swg22007354)IBM Business Process Manager Cross-Site Scripting multiple vulnerabilities (swg22007351 and swg22007354)
seealso107168107168107168
locationWebsiteWebsiteWebsite
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss3_vuldb_rcXXX
discoverydate150603840015060384001506038400
confirm_urlhttp://www.ibm.com/support/docview.wss?uid=swg22007354http://www.ibm.com/support/docview.wss?uid=swg22007354http://www.ibm.com/support/docview.wss?uid=swg22007354
securityfocus_date1506038400 (09/22/2017)1506038400 (09/22/2017)1506038400 (09/22/2017)
securityfocus_classInput Validation ErrorInput Validation ErrorInput Validation Error
xforce130410130410
cvss2_nvd_basescore3.53.5
person_nameIBM

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!