Description
A cross-site scripting vulnerability has been identified in IBM Business Process Manager. A remote attacker can exploit it to execute arbitrary JavaScript or HTML code by inducing a victim to follow a specially crafted link. The vulnerability is located in the panels of the Process Admin Console.
Vulnerable Products
Vulnerable Software: Business Process Manager Advanced (WebSphere Process Server) (IBM) - 8.5.6.0, 8.5.6.1, 8.5.6.2, 8.5.7
Solution
IBM has released version 8.5.7 Cumulative Fix 2016.09 of Business Process Manager which fixes this vulnerability. The JR56391 interim fix is also available.
CVE
CVE-2016-5901
References
- JR56391: SECURITY APAR CVE-2016-5901 - CROSS-SITE SCRIPTING VULNERABILITY IN A PROCESS ADMIN CONSOLE SUBPAGE
http://www-01.ibm.com/support/docview.wss?uid=swg1JR56391
- IBM Security Bulletin: Cross Site Scripting vulnerability in IBM Business Process Manager (CVE-2016-5901)
http://www-01.ibm.com/support/docview.wss?uid=swg21990852
- IBM: Fix list for IBM Business Process Manager V8.5.7 Cumulative Fix 2016.09
http://www-01.ibm.com/support/docview.wss?uid=swg27048799
Vulnerability Manager Detection
No
IPS Protection