CVE-2016-9693
6.1
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Exploitability: 1.8 / Impact: 3.7
Source: NVD
Description
IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655.
Affected (74)
Products: Ibm: Business Process Manager, Websphere
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 7.5.0.0 |
References (4)
Source: psirt@us.ibm.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Timeline
No history available yet.