IBM Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (BPM) redirect-login mechanism (CVE-2014-6101)
|
Información sobre el sistema
|
|
|
Software afectado |
IBM |
Descripción
|
IBM Business Process Manager uses a mechanism to silently login users who have previously authenticated themselves. This mechanism is vulnerable to cross-site scripting attacks. CVE(s): CVE-2014-6101 Affected product(s) and affected version(s): IBM Business Process Manager Standard V7.5.x, 8.0.x 8.5.x IBM Business Process Manager Express V7.5.x, 8.0.x 8.5.x IBM Business Process Manager Advanced V7.5.x, 8.0.x 8.5.x Refer to the following reference URLs for remediation and additional
More info:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_cross_site_scripting_vulnerability_in_ibm_business_process_manager_bpm_redirect_login_mechanism_cve_2014_6101?lang=en_us |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2014-6101 ,CVE-2014-3566 ,CVE-2014-0460 and CVE-2014-0878. |