CVE-2016-9693
N/A
N/A
Summary
IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM Corporation | Business Process Manager Advanced | 7.5 | affected |
| IBM Corporation | Business Process Manager Advanced | 7.5.0.1 | affected |
| IBM Corporation | Business Process Manager Advanced | 7.5.1 | affected |
| IBM Corporation | Business Process Manager Advanced | 7.5.1.1 | affected |
| IBM Corporation | Business Process Manager Advanced | 7.5.1.2 | affected |
| IBM Corporation | Business Process Manager Advanced | 8.0 | affected |
| IBM Corporation | Business Process Manager Advanced | 8.0.1 | affected |
| IBM Corporation | Business Process Manager Advanced | 8.0.1.1 | affected |
| IBM Corporation | Business Process Manager Advanced | 8.0.1.2 | affected |
| IBM Corporation | Business Process Manager Advanced | 8.5 | affected |
| IBM Corporation | Business Process Manager Advanced | 8.5.0.1 | affected |
| IBM Corporation | Business Process Manager Advanced | 8.5.5 | affected |
| IBM Corporation | Business Process Manager Advanced | 8.0.1.3 | affected |
| IBM Corporation | Business Process Manager Advanced | 8.5.6 | affected |
| IBM Corporation | Business Process Manager Advanced | 8.5.0.2 | affected |
| IBM Corporation | Business Process Manager Advanced | 8.5.7 | affected |
| IBM Corporation | Business Process Manager Advanced | 8.5.7.CF201609 | affected |
| IBM Corporation | Business Process Manager Advanced | 8.5.6.1 | affected |
| IBM Corporation | Business Process Manager Advanced | 8.5.6.2 | affected |
| IBM Corporation | Business Process Manager Advanced | 8.5.7.CF201606 | affected |
| IBM Corporation | Business Process Manager Advanced | 8.5.7.CF201612 | affected |
Weaknesses
- Gain Access
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.