IBM Security Bulletin: Insufficient authorization in Service REST API and cross site scripting vulnerability in REST API affecting IBM Business Process Manager (CVE-2015-1905, CVE-2015-1906)
System information
Affected software | IBM
Description
IBM Business Process Manager REST API is vulnerable to cross site scripting due to insufficiently restricted parameter values for controlling content types. IFixes shipped with this advisory also close an additional vulnerability due to insufficient authorization checks on interacting with services via the REST API.

CVE(s): CVE-2015-1905 and CVE-2015-1906

Affected product(s) and affected version(s): IBM Business Process Manager V7.5.x through V8.5.6.0

Refer to the following
More info:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_insufficient_authorization_in_service_rest_api_and_cross_site_scripting_vulnerability_in_rest_api_affecting_ibm_business_process_manager_cve_2015_1905_cve_2015_1906?lang=en_u
Standard resources
Property | Value
CVE | CVE-2015-1905, CVE-2015-1906, CVE-2015-0488, CVE-2015-1916, CVE-2015-2808, CVE-2015-0204, CVE-2015-0410, CVE-2014-6593 and CVE-2015-1793.