IBM BPM allows users to interact with one another without fully removing HTML markup. This might allow controlling parts of the user interface, possibly script injection.
CVE(s): CVE-2017-1424
Affected product(s) and affected version(s):
– IBM Business Process Manager Advanced V8.5.7.0 including cumulative fix 2017.06
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2xsC6VM
X-Force Database: http://ift.tt/2wLrMor
The post IBM Security Bulletin: HTML injection vulnerability in IBM Business Process Manager (BPM) – CVE-2017-1424 appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2xtrOF8
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.