CVE-2015-0158: Cross-site Scripting in IBM Business Process Manager

CWE-79: Cross-site Scripting | 13 documents | 7 sources
Severity
4.3 MEDIUM (NVD)
EPSS
0.4%
top 42.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 24
Latest update: May 17

Description

Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-qj54-vpgw-pxrc: Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8 | 2022-05-17
CVEList
CVE-2015-0158: Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8 | 2015-03-24

🕵️ Threat Intelligence (5)

Trendmicro
Backdoor Variant Infects Word Documents and PDFs | 2019-08-26
Trendmicro
Asruex Backdoor Infects Files Via Old Vulnerabilities | 2019-08-22
Trendmicro
Asruex Backdoor Infects Files Via Old Vulnerabilities | 2019-08-22
Trendmicro
Asruex Backdoor Infects Files Via Old Vulnerabilities | 2019-08-22
Unit42
NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan | 2016-01-21

💬 Community (1)

Bugzilla
CVE-2014-0154 ovirt-engine-webadmin: HttpOnly flag is not included when the session ID is set | 2014-03-28