CVE-2015-1961

Name of the Vulnerable Software and Affected Versions IBM Business Process Manager versions 7.5.x through 7.5.1.2 IBM Business Process Manager versions 8.0.x through 8.0.1.3 IBM Business Process Manager versions 8.5.0 through 8.5.0.1 IBM Business Process Manager versions 8.5.5 through 8.5.5.0 IBM Business Process Manager versions 8.5.6 through 8.5.6.0

Description The issue is related to insufficient access control in the REST API interface of the IBM Business Process Manager system. This allows a remote attacker to bypass existing access restrictions and execute arbitrary JavaScript code on the server using a specially crafted API request.

Recommendations For IBM Business Process Manager versions 7.5.x through 7.5.1.2, update to a version that includes the necessary security fixes to prevent exploitation. For IBM Business Process Manager versions 8.0.x through 8.0.1.3, update to a version that includes the necessary security fixes to prevent exploitation. For IBM Business Process Manager versions 8.5.0 through 8.5.0.1, update to a version that includes the necessary security fixes to prevent exploitation. For IBM Business Process Manager versions 8.5.5 through 8.5.5.0, update to a version that includes the necessary security fixes to prevent exploitation. For IBM Business Process Manager versions 8.5.6 through 8.5.6.0, update to a version that includes the necessary security fixes to prevent exploitation.