IBM Security Bulletin: Cross-site scripting vulnerabilities in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) error handling (CVE-2015-0193)
System information
Affected software | IBM
Description
IBM Business Process Manager is vulnerable to cross-site scripting, caused by improper neutralization of user-supplied input in some error situations. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. CVE(s): CVE-2015-0193 Affected
More info:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_cross_site_scripting_vulnerabilities_in_ibm_business_process_manager_bpm_and_websphere_lombardi_edition_wle_error_handling_cve_2015_0193?lang=en_us
Standard resources
Property | Value
CVE | CVE-2015-0193, CVE-2015-0121, CVE-2014-8917 and CVE-2015-3456.