IBM Support

JR54981: SECURITY APAR - CVE-2015-8524 - CROSS-SITE SCRIPTING POSSIBLE IN IBM PROCESS PORTAL

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Multiple elements in IBM Process Portal are vulnerable to a
    cross-site scripting attack.
    
    PRODUCTS AFFECTED
    IBM Business Process Manager (BPM) Advanced
    IBM BPM Standard
    IBM BPM Express
    

Local fix

Problem summary

  • No additional information is available.
    

Problem conclusion

  • A fix for IBM BPM V8.5.0.2, V8.5.5.0, and V8.5.6.0 is available.
    
    On Fix Central (http://www.ibm.com/support/fixcentral), search
    for JR54981:
    
    1. Select IBM Business Process Manager with your edition from
    the product selector, the installed version to the fix pack
    level, and your platform, and then click Continue.
    2. Select APAR or SPR, enter JR54981, and click Continue.
    
    For V8.5.6.0, this fix is built on IBM BPM 8.5.6.0 cumulative
    fix 2 and might be included in a later cumulative fix. To
    determine whether the later cumulative fix is available and
    download it if it is, complete the following steps on Fix
    Central:
    
    1. Select IBM Business Process Manager with your edition from
    the product selector, the installed version to the fix pack
    level, and your platform, and then click Continue.
    2. Select Text, enter 'cumulative fix' and click Continue.
    
    When you download fix packages, ensure that you also download
    the readme file for each fix. Review each readme file for
    additional installation instructions and information about the
    fix.
    

Temporary fix

  • Not applicable
    

Comments

APAR Information

  • APAR number

    JR54981

  • Reported component name

    BPM ADVANCED

  • Reported component ID

    5725C9400

  • Reported release

    856

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-12-16

  • Closed date

    2016-02-24

  • Last modified date

    2016-02-24

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    BPM ADVANCED

  • Fixed component ID

    5725C9400

Applicable component levels

  • R856 PSY

       UP



Document information

More support for: IBM Business Process Manager Advanced

Software version: 856

Reference #: JR54981

Modified date: 24 February 2016