IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655.
References
Link | Resource |
---|---|
https://www.ibm.com/support/docview.wss?uid=swg21998655 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/98074 |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2017-03-07 09:59
Updated : 2017-05-01 18:59
NVD link : CVE-2016-9693
Mitre link : CVE-2016-9693
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
ibm
- websphere
- business_process_manager