Some features in Business Space allow end users to create content that can be displayed by other users. In some cases, end users could provide HTML and thus control parts of the layout for other users.
CVE(s): CVE-2016-3056
Affected product(s) and affected version(s):
- IBM Business Process Manager Advanced V7.5.0.0 – V7.5.1.2
- IBM Business Process Manager Advanced V8.0.0.0 – V8.0.1.3
- IBM Business Process Manager Advanced V8.5.0.0 – V8.5.7.0 prior to cumulative fix 2016.09
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2dFDUy1
X-Force Database: http://ift.tt/2d0h6LK
from IBM Product Security Incident Response Team http://ift.tt/2dFCXpA