CVE-2016-9731

Summary

IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Affected Software

VendorProductVersion RangeStatus
IBM CorporationBusiness Process Manager Advanced7.5affected
IBM CorporationBusiness Process Manager Advanced7.5.0.1affected
IBM CorporationBusiness Process Manager Advanced7.5.1affected
IBM CorporationBusiness Process Manager Advanced7.5.1.1affected
IBM CorporationBusiness Process Manager Advanced7.5.1.2affected
IBM CorporationBusiness Process Manager Advanced8.0affected
IBM CorporationBusiness Process Manager Advanced8.0.1affected
IBM CorporationBusiness Process Manager Advanced8.0.1.1affected
IBM CorporationBusiness Process Manager Advanced8.0.1.2affected
IBM CorporationBusiness Process Manager Advanced8.5affected
IBM CorporationBusiness Process Manager Advanced8.5.0.1affected
IBM CorporationBusiness Process Manager Advanced8.5.5affected
IBM CorporationBusiness Process Manager Advanced8.0.1.3affected
IBM CorporationBusiness Process Manager Advanced8.5.6affected
IBM CorporationBusiness Process Manager Advanced8.5.0.2affected
IBM CorporationBusiness Process Manager Advanced8.5.7affected
IBM CorporationBusiness Process Manager Advanced8.5.7.CF201609affected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References