Описание
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.
Ссылки
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- VDB EntryVendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- VDB EntryVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201606:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201609:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201612:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201703:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201706:*:*:advanced:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.0:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.1:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.2:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.3:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.4:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.5:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.0:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.1:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.0:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.1:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.2:*:*:*:registry:*:*:*
Конфигурация 3
Одно из
cpe:2.3:a:ibm:websphere_process_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:7.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:7.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:7.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:7.0.0.5:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:a:ibm:business_process_manager_enterprise_service_bus:8.6.0.0:*:*:*:*:*:*:*
Конфигурация 5
Одно из
cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201606:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201609:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201612:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201703:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201706:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.6.0.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.6.0.0:cf201712:*:*:express:*:*:*
Конфигурация 6
Одно из
cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201606:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201609:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201612:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201703:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201706:*:*:standard:*:*:*
EPSS
Процентиль: 60%
0.0039
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.
EPSS
Процентиль: 60%
0.0039
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79