IBM Security Bulletin: Insufficient control over MIME types in Business Process Manager (BPM) and WebSphere Lombardi Edition document feature (CVE-2014-3075)
|
Información sobre el sistema
|
|
|
Software afectado |
IBM |
Descripción
|
You cannot restrict file uploads by MIME type in a document list coach view. As a result, HTML that contains embedded JavaScript can be uploaded and run in the browser. CVE(s): CVE-2014-3075 Affected product(s) and affected version(s): IBM Business Process Manager Standard V7.5.x, 8.0.x, and 8.5.x IBM Business Process Manager Express V7.5.x, 8.0.x, and 8.5.x IBM Business Process Manager Advanced V7.5.x, 8.0.x, and 8.5.x IBM WebSphere Lombardi Edition V7.2.0.x Refer to the
More info:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_insufficient_control_over_mime_types_in_business_process_manager_bpm_and_websphere_lombardi_edition_document_feature_cve_2014_3075?lang=en_us |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2014-3075 ,CVE-2013-6371 ,CVE-2014-0094 and CVE-2014-0411. |