IBM Business Process Manager Open Redirect Vulnerability


Description   An open redirect vulnerability has been identified in IBM Business Process Manager. A remote attacker could exploit it by enticing victims to follow a specially crafted link that redirects them to a malicious website.
This vulnerability stems from the fact that the vulnerable products accept user-controlled input that specifies a link to an external site and use that link in a redirect.
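The mitigation for this class of flaw is to validate the redirect target before issuing the redirect. The check below is an added illustration, not IBM's code and not the product's internal handling; it assumes a hypothetical application host (bpm.example.com) that only ever needs same-site redirects, and it rejects protocol-relative, backslash, userinfo and non-http(s) forms that are commonly used to slip past naive prefix checks.

```python
"""Redirect-target validation for an open-redirect defence (added example,
not the product's own code). Assumes the application only needs same-site
redirects and uses a hypothetical host name."""
from urllib.parse import urlsplit

APP_HOST = "bpm.example.com"   # hypothetical application host (assumption)
FALLBACK = "/"                 # where to send the user when the target is rejected


def is_safe_redirect(target: str, app_host: str = APP_HOST) -> bool:
    """Return True only for a site-local path or an absolute http(s) URL
    whose network location is exactly the application's own host."""
    if not target:
        return False
    # Whitespace and control characters are never legitimate in a target;
    # reject them before urlsplit has a chance to strip them.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in target):
        return False
    # Browsers treat backslashes as slashes, so "/\evil.example" would
    # otherwise pass as a local path; normalise before parsing.
    candidate = target.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme:
        # Absolute URL: only http/https (rejects javascript:, data:, ...)
        # and only our own host. Comparing netloc rather than hostname also
        # rejects "https://bpm.example.com@evil.example/" (userinfo trick).
        return parts.scheme in ("http", "https") and parts.netloc.lower() == app_host
    if parts.netloc:
        # "//evil.example/..." is protocol-relative, i.e. external.
        return False
    # Remaining case: a path. Require a single leading "/" so that
    # "///evil.example" (parsed as an empty netloc) is also refused.
    return candidate.startswith("/") and not candidate.startswith("//")


def safe_redirect_target(target: str) -> str:
    """Return the target if it stays on-site, otherwise the fallback."""
    return target if is_safe_redirect(target) else FALLBACK
```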
     
Vulnerable Products
Business Process Manager Advanced (WebSphere Process Server) (IBM) - 7.5.0.0, 7.5.0.1, 7.5.1.0, 7.5.1.1, 7.5.1.2, ..., 8.5.6.0, 8.5.6.0 CF1, 8.5.6.0 CF2, 8.5.7, 8.5.7.0 CF 2016.12
     
Solution   IBM has released version 8.5.7 CF 2017.03 of Business Process Manager to resolve this vulnerability.
     
CVE   CVE-2017-1159
     
References   IBM: Security Bulletin: Open redirect vulnerability in IBM Business Process Manager (CVE-2017-1159)
http://www-01.ibm.com/support/docview.wss?uid=swg22000253
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm: Site with open redirect
Available Since: 4.0.0
Risk level   Moderate

Vulnerability First Public Report Date   2017-05-18

Target Type   Client

Possible exploit   Remote