CVE-2016-0227

Name of the Vulnerable Software and Affected Versions IBM Business Process Manager versions 8.0 through 8.0.1.3 IBM Business Process Manager versions 8.5.0 through 8.5.0.2 IBM Business Process Manager versions 8.5.5 through 8.5.6.2

Description The issue exists due to insufficient protection of the web page structure in the Document List control implementation. This allows a remote attacker to inject arbitrary web or HTML code using a specially crafted URL. The vulnerability can be exploited by remote authenticated users.

Recommendations For IBM Business Process Manager versions 8.0 through 8.0.1.3, update to a version outside of this range to resolve the issue. For IBM Business Process Manager versions 8.5.0 through 8.5.0.2, update to a version outside of this range to resolve the issue. For IBM Business Process Manager versions 8.5.5 through 8.5.6.2, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the Document List control implementation until a patch is available.