Prasath K

#20665 of 53,635
12.2 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2017-13323
5.4
2017-09-26
IBM · IBM Business Process Manager · CVE-2017-1425

**Name of the Vulnerable Software and Affected Versions**
IBM Business Process Manager versions 8.0.1.1 through 8.5.7

**Description**
The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

**Recommendations**
For versions 8.0.1.1 through 8.5.7, at the moment, there is no information about a newer version that contains a fix for this issue.

PT-2017-10270
6.8
2017-03-07
IBM · IBM Business Process Manager · CVE-2016-9693

**Name of the Vulnerable Software and Affected Versions**
IBM Business Process Manager versions 7.5 through 8.5

**Description**
The issue allows an attacker to cause an unauthenticated victim to download a malicious payload, potentially bypassing existing file type restrictions. This could lead to the payload being considered executable and causing damage on the victim's machine.

**Recommendations**
For IBM Business Process Manager versions 7.5 through 8.5, consider restricting the file download capability until a fix is available. As a temporary workaround, restrict access to the file download feature to minimize the risk of exploitation.