Description
IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655.
Affected products
- IBM Corporation / Business Process Manager Advanced7.5 – 7.5
- IBM Corporation / Business Process Manager Advanced7.5.0.1 – 7.5.0.1
- IBM Corporation / Business Process Manager Advanced7.5.1 – 7.5.1
- IBM Corporation / Business Process Manager Advanced7.5.1.1 – 7.5.1.1
- IBM Corporation / Business Process Manager Advanced7.5.1.2 – 7.5.1.2
- IBM Corporation / Business Process Manager Advanced8.0 – 8.0
- IBM Corporation / Business Process Manager Advanced8.0.1 – 8.0.1
- IBM Corporation / Business Process Manager Advanced8.0.1.1 – 8.0.1.1
- IBM Corporation / Business Process Manager Advanced8.0.1.2 – 8.0.1.2
- IBM Corporation / Business Process Manager Advanced8.5 – 8.5
- IBM Corporation / Business Process Manager Advanced8.5.0.1 – 8.5.0.1
- IBM Corporation / Business Process Manager Advanced8.5.5 – 8.5.5
- IBM Corporation / Business Process Manager Advanced8.0.1.3 – 8.0.1.3
- IBM Corporation / Business Process Manager Advanced8.5.6 – 8.5.6
- IBM Corporation / Business Process Manager Advanced8.5.0.2 – 8.5.0.2
- IBM Corporation / Business Process Manager Advanced8.5.7 – 8.5.7
- IBM Corporation / Business Process Manager Advanced8.5.7.CF201609 – 8.5.7.CF201609
- IBM Corporation / Business Process Manager Advanced8.5.6.1 – 8.5.6.1
- IBM Corporation / Business Process Manager Advanced8.5.6.2 – 8.5.6.2
- IBM Corporation / Business Process Manager Advanced8.5.7.CF201606 – 8.5.7.CF201606
- IBM Corporation / Business Process Manager Advanced8.5.7.CF201612 – 8.5.7.CF201612