IBM Business Process Manager CVE-2017-1424 HTML Injection Vulnerability

IBM Business Process Manager is prone to an HTML-injection vulnerability.

Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials or control how the page is rendered to the user. Other attacks are also possible.

IBM Business Process Manager Advanced 8.5.7.0 8.5.7.0 through 8.5.7.0 Cumulative Fix 2017.06 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus