CVE-2015-0103 — LOW (3.5) — White Hats Nepal

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields.

CVSS Score

3.5

LOW

AV:N/AC:M/Au:S/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Business Process Manager	8.0.0.0

Related Weaknesses (CWE)

CWE-79

References

http://www-01.ibm.com/support/docview.wss?uid=swg1JR50457Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21693270PatchVendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1JR50457Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21693270PatchVendor Advisory

FAQ

What is CVE-2015-0103?

CVE-2015-0103 is a vulnerability with a CVSS score of 3.5 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authe...

How severe is CVE-2015-0103?

CVE-2015-0103 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-0103?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Business Process Manager.