PT-2014-5068 · Ibm · Ibm Business Process Manager+1

Publicado

2014-09-04

Atualizado

2017-08-29

CVE-2014-3075

CVSS v2.0

3.5

Baixa

Vetor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions IBM Business Process Manager (BPM) versions 7.5.x through 8.5.5 WebSphere Lombardi Edition version 7.2.0.x

Description A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file. This can lead to the execution of malicious code on the user's browser.

Recommendations For IBM Business Process Manager (BPM) versions 7.5.x through 8.5.5, update to a version that includes the fix for this issue. For WebSphere Lombardi Edition version 7.2.0.x, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting file uploads to minimize the risk of exploitation.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2014-3075

Produtos afetados

Ibm Business Process Manager

Websphere Lombardi Edition

PT-2014-5068 · Ibm · Ibm Business Process Manager+1

CVE-2014-3075

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5