漏洞类别:Local
漏洞等级: 
漏洞信息
IBM Business Process Manager is a comprehensive BPM platform that provides visibility and insight to manage business processes.
IBM Business Process Manager REST API is vulnerable to cross site scripting due to insufficiently restricted parameter values for controlling content types. IFixes shipped with this advisory also close an additional vulnerability due to insufficient authorization checks on interacting with services via the REST API.
Affected Versions:
IBM Business Process Manager 8.5.6, 8.5.5, 8.5.0.1, 8.5, 8.0.1.3, 8.0.1.2, 8.0.1.1, 8.0.1, 8.0, 7.5.1.2, 7.5.1.1, 7.5.1, 7.5.0.1, 7.5.
漏洞危害
If this vulnerability is successfully exploited, attackers can manipulate variable values of tasks that these users are not authorized to see or update.
解决方案
Please refer to the following link swg21700717.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论