CVE-2015-8524

Name of the Vulnerable Software and Affected Versions IBM Business Process Manager versions 8.5.0.x through 8.5.0.2 IBM Business Process Manager versions 8.5.5.x through 8.5.5.0 IBM Business Process Manager versions 8.5.6.x through 8.5.6.2

Description The issue exists due to insufficient protection of the web page structure in the Process Portal component of the Business Process Manager system. This allows a remote attacker to inject arbitrary web or HTML code using a specially crafted URL, which is a cross-site scripting (XSS) vulnerability.

Recommendations For IBM Business Process Manager versions 8.5.0.x through 8.5.0.2, update to a version outside of this range to resolve the issue. For IBM Business Process Manager versions 8.5.5.x through 8.5.5.0, update to a version outside of this range to resolve the issue. For IBM Business Process Manager versions 8.5.6.x through 8.5.6.2, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to crafted URLs to minimize the risk of exploitation.