cnvd - cnvd-2015-04371

cnvd-2015-04371

Vulnerability from cnvd

Title

IBM Business Process Manager跨站脚本漏洞（CNVD-2015-04371）

Description

IBM Business Process Manager（BPM）是美国IBM公司的一套综合的业务流程管理平台。该平台为业务的流程建模、组装、监控和部署提供了一系列的相关工具。 IBM BPM中存在跨站脚本漏洞，该漏洞源于程序未能充分过滤用户提交的输入。当用户浏览受影响的网站时，其浏览器将执行攻击者提供的任意脚本代码。

Severity

中

Patch Name

IBM Business Process Manager跨站脚本漏洞（CNVD-2015-04371）的补丁

Patch Description

IBM Business Process Manager（BPM）是美国IBM公司的一套综合的业务流程管理平台。该平台为业务的流程建模、组装、监控和部署提供了一系列的相关工具。IBM BPM中存在跨站脚本漏洞，该漏洞源于程序未能充分过滤用户提交的输入。当用户浏览受影响的网站时，其浏览器将执行攻击者提供的任意脚本代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://www-01.ibm.com/support/docview.wss?uid=swg27039722

Reference

http://www.securityfocus.com/bid/72920

Impacted products

Name
['IBM Business Process Manager Advanced 7.5.x', 'IBM Business Process Manager Advanced 8.0.x', 'IBM Business Process Manager Advanced 8.5.x', 'IBM Business Process Manager Express 7.5.x', 'IBM Business Process Manager Express 8.0.x', 'IBM Business Process Manager Express 8.5.x', 'IBM Business Process Manager Standard 7.5.x', 'IBM Business Process Manager Standard 8.0.x', 'IBM Business Process Manager Standard 8.5.x']

Name

['IBM Business Process Manager Advanced 7.5.x', 'IBM Business Process Manager Advanced 8.0.x', 'IBM Business Process Manager Advanced 8.5.x', 'IBM Business Process Manager Express 7.5.x', 'IBM Business Process Manager Express 8.0.x', 'IBM Business Process Manager Express 8.5.x', 'IBM Business Process Manager Standard 7.5.x', 'IBM Business Process Manager Standard 8.0.x', 'IBM Business Process Manager Standard 8.5.x']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "72920"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0101"
    }
  },
  "description": "IBM Business Process Manager\uff08BPM\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u7efc\u5408\u7684\u4e1a\u52a1\u6d41\u7a0b\u7ba1\u7406\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3a\u4e1a\u52a1\u7684\u6d41\u7a0b\u5efa\u6a21\u3001\u7ec4\u88c5\u3001\u76d1\u63a7\u548c\u90e8\u7f72\u63d0\u4f9b\u4e86\u4e00\u7cfb\u5217\u7684\u76f8\u5173\u5de5\u5177\u3002\r\n\r\nIBM BPM\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u8fc7\u6ee4\u7528\u6237\u63d0\u4ea4\u7684\u8f93\u5165\u3002\u5f53\u7528\u6237\u6d4f\u89c8\u53d7\u5f71\u54cd\u7684\u7f51\u7ad9\u65f6\uff0c\u5176\u6d4f\u89c8\u5668\u5c06\u6267\u884c\u653b\u51fb\u8005\u63d0\u4f9b\u7684\u4efb\u610f\u811a\u672c\u4ee3\u7801\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg27039722",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04371",
  "openTime": "2015-07-09",
  "patchDescription": "IBM Business Process Manager\uff08BPM\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u7efc\u5408\u7684\u4e1a\u52a1\u6d41\u7a0b\u7ba1\u7406\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3a\u4e1a\u52a1\u7684\u6d41\u7a0b\u5efa\u6a21\u3001\u7ec4\u88c5\u3001\u76d1\u63a7\u548c\u90e8\u7f72\u63d0\u4f9b\u4e86\u4e00\u7cfb\u5217\u7684\u76f8\u5173\u5de5\u5177\u3002IBM BPM\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u8fc7\u6ee4\u7528\u6237\u63d0\u4ea4\u7684\u8f93\u5165\u3002\u5f53\u7528\u6237\u6d4f\u89c8\u53d7\u5f71\u54cd\u7684\u7f51\u7ad9\u65f6\uff0c\u5176\u6d4f\u89c8\u5668\u5c06\u6267\u884c\u653b\u51fb\u8005\u63d0\u4f9b\u7684\u4efb\u610f\u811a\u672c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Business Process Manager\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2015-04371\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Business Process Manager Advanced 7.5.x",
      "IBM Business Process Manager Advanced  8.0.x",
      "IBM Business Process Manager Advanced  8.5.x",
      "IBM Business Process Manager Express 7.5.x",
      "IBM Business Process Manager Express  8.0.x",
      "IBM Business Process Manager Express  8.5.x",
      "IBM Business Process Manager Standard 7.5.x",
      "IBM Business Process Manager Standard  8.0.x",
      "IBM Business Process Manager Standard  8.5.x"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/72920",
  "serverity": "\u4e2d",
  "submitTime": "2015-07-08",
  "title": "IBM Business Process Manager\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2015-04371\uff09"
}

CVE-2015-0101 (GCVE-0-2015-0101)

Vulnerability from cvelistv5

Published

2017-08-28 15:00

Modified

2024-08-06 03:55

Severity ?

CWE

Summary

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; and IBM Business Process Manager Advanced 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5.

References

URL

Tags

	http://www.securityfocus.com/bid/72920	vdb-entry, x_refsource_BID
	http://www-01.ibm.com/support/docview.wss?uid=swg21693134	x_refsource_CONFIRM