XSS in Ibm Business_process_manager

CVE-2015-0156

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated u…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (45.6th percentile) — read the EPSS interpretation.

Affected products

Ibm Business_process_manager — versions 7.5.0.0, 7.5.0.1, 7.5.1.0
Ibm Websphere — versions 7.2, 7.2.0.1, 7.2.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
IT06812 (vendor-advisory, Patch, x_refsource_AIXAPAR, Vendor Advisory)
JR52420 (vendor-advisory, Patch, x_refsource_AIXAPAR, Vendor Advisory)