Vulnerability Bulletins

IBM Security Bulletin: Insufficient control over MIME types in Business Process Manager (BPM) and WebSphere Lombardi Edition document feature (CVE-2014-3075)


System information

   
Affected software IBM

Description

You cannot restrict file uploads by MIME type in a document list coach view. As a result, HTML that contains embedded JavaScript can be uploaded and run in the browser.

CVE(s): CVE-2014-3075

Affected product(s) and affected version(s):
IBM Business Process Manager Standard V7.5.x, 8.0.x, and 8.5.x
IBM Business Process Manager Express V7.5.x, 8.0.x, and 8.5.x
IBM Business Process Manager Advanced V7.5.x, 8.0.x, and 8.5.x
IBM WebSphere Lombardi Edition V7.2.0.x

Refer to the

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_insufficient_control_over_mime_types_in_business_process_manager_bpm_and_websphere_lombardi_edition_document_feature_cve_2014_3075?lang=en_us

Standard identifiers

Property Value
CVE CVE-2014-3075, CVE-2013-6371, CVE-2014-0094 and CVE-2014-0411.

Version history

Version Comment Date
1.0 Advisory issued 2014-09-04

Members of

Ministerio de Defensa
CNI
CCN
CCN-CERT