CVE-2015-0106

Name of the Vulnerable Software and Affected Versions IBM Business Process Manager (BPM) versions 7.5.x through 7.5.1.2 IBM Business Process Manager (BPM) versions 8.0 through 8.0.1.3 IBM Business Process Manager (BPM) versions 8.5.0 through 8.5.0.1 IBM Business Process Manager (BPM) versions 8.5.5 through 8.5.5.0 WebSphere Lombardi Edition (WLE) versions 7.2.x through 7.2.0.5

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted URL. This can be achieved by manipulating the URL in a way that injects malicious scripts or HTML code.

Recommendations For IBM Business Process Manager (BPM) versions 7.5.x through 7.5.1.2, update to a version outside of this range to resolve the issue. For IBM Business Process Manager (BPM) versions 8.0 through 8.0.1.3, update to a version outside of this range to resolve the issue. For IBM Business Process Manager (BPM) versions 8.5.0 through 8.5.0.1, update to a version outside of this range to resolve the issue. For IBM Business Process Manager (BPM) versions 8.5.5 through 8.5.5.0, update to a version outside of this range to resolve the issue. For WebSphere Lombardi Edition (WLE) versions 7.2.x through 7.2.0.5, update to a version outside of this range to resolve the issue.