CVE-2016-0227

Опубликовано: 03 мар. 2016

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg1JR55152
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21978058
Vendor Advisory
http://www.securitytracker.com/id/1035175
http://www-01.ibm.com/support/docview.wss?uid=swg1JR55152
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21978058
Vendor Advisory
http://www.securitytracker.com/id/1035175

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:standard:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:advanced:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:express:*:*:*

cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:standard:*:*:*

EPSS

Процентиль: 47%

0.00241

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-623j-wpv8-67r4

CVSS3: 5.4

github

больше 3 лет назад

BDU:2016-00636

fstec

почти 10 лет назад

Уязвимость системы автоматизации деятельности предприятия Business Process Manager, позволяющая нарушителю внедрить произвольный Веб- или HTML-код