CVE-2016-9693

Name of the Vulnerable Software and Affected Versions IBM Business Process Manager versions 7.5 through 8.5

Description The issue allows an attacker to cause an unauthenticated victim to download a malicious payload, potentially bypassing existing file type restrictions. This could lead to the payload being considered executable and causing damage on the victim's machine.

Recommendations For IBM Business Process Manager versions 7.5 through 8.5, consider restricting the file download capability until a fix is available. As a temporary workaround, restrict access to the file download feature to minimize the risk of exploitation.