CVE-2015-4955: XSS
First published: Sat Oct 03 2015(Updated: )
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 before 8.5.6.0 CF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Business Process Manager | =8.0.0.0 | |
| IBM Business Process Manager | =8.0.0.0 | |
| IBM Business Process Manager | =8.0.0.0 | |
| IBM Business Process Manager | =8.0.0.0 | |
| IBM Business Process Manager | =8.0.1.0 | |
| IBM Business Process Manager | =8.0.1.0 | |
| IBM Business Process Manager | =8.0.1.0 | |
| IBM Business Process Manager | =8.0.1.0 | |
| IBM Business Process Manager | =8.0.1.1 | |
| IBM Business Process Manager | =8.0.1.1 | |
| IBM Business Process Manager | =8.0.1.1 | |
| IBM Business Process Manager | =8.0.1.1 | |
| IBM Business Process Manager | =8.0.1.2 | |
| IBM Business Process Manager | =8.0.1.2 | |
| IBM Business Process Manager | =8.0.1.2 | |
| IBM Business Process Manager | =8.0.1.2 | |
| IBM Business Process Manager | =8.0.1.3 | |
| IBM Business Process Manager | =8.0.1.3 | |
| IBM Business Process Manager | =8.0.1.3 | |
| IBM Business Process Manager | =8.5.0.0 | |
| IBM Business Process Manager | =8.5.0.0 | |
| IBM Business Process Manager | =8.5.0.0 | |
| IBM Business Process Manager | =8.5.0.0 | |
| IBM Business Process Manager | =8.5.0.1 | |
| IBM Business Process Manager | =8.5.0.1 | |
| IBM Business Process Manager | =8.5.0.1 | |
| IBM Business Process Manager | =8.5.0.1 | |
| IBM Business Process Manager | =8.5.5.0 | |
| IBM Business Process Manager | =8.5.5.0 | |
| IBM Business Process Manager | =8.5.5.0 | |
| IBM Business Process Manager | =8.5.5.0 | |
| IBM Business Process Manager | =8.5.6.0 | |
| IBM Business Process Manager | =8.5.6.0 | |
| IBM Business Process Manager | =8.5.6.0 | |
| IBM Business Process Manager | =8.5.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-4955?
CVE-2015-4955 has a high severity rating due to its potential to allow remote authenticated users to inject malicious web scripts.
How do I fix CVE-2015-4955?
To mitigate CVE-2015-4955, it is advised to apply the latest updates or patches provided by IBM for affected versions of Business Process Manager.
What versions of IBM Business Process Manager are affected by CVE-2015-4955?
CVE-2015-4955 affects IBM Business Process Manager versions 8.0.x up to 8.0.1.3 and 8.5.0 through 8.5.6 before 8.5.6.0 CF1.
Who is vulnerable to CVE-2015-4955?
Remote authenticated users of the affected versions of IBM Business Process Manager are vulnerable to CVE-2015-4955.
What type of vulnerability is CVE-2015-4955 classified as?
CVE-2015-4955 is classified as a Cross-site Scripting (XSS) vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- vendor/ibm
- canonical/ibm business process manager
- version/ibm business process manager/8.0.0.0
- version/ibm business process manager/8.0.1.0
- version/ibm business process manager/8.0.1.1
- version/ibm business process manager/8.0.1.2
- version/ibm business process manager/8.0.1.3
- version/ibm business process manager/8.5.0.0
- version/ibm business process manager/8.5.0.1
- version/ibm business process manager/8.5.5.0
- version/ibm business process manager/8.5.6.0