JR56391: SECURITY APAR CVE-2016-5901 - CROSS-SITE SCRIPTING VULNERABILITY IN A PROCESS ADMIN CONSOLE SUBPAGE
Direct links to fixes
Closed as program error.
Panels in the Process Admin Console are not protected from cross-site scripting attacks.
A fix is available for installation on top of IBM BPM V8.5.6 cumulative fix 2 (http://www.ibm.com/support/docview.wss?uid=swg24041303) that secures the Process Admin Console against cross-site scripting attacks. Ensure you have IBM BPM V8.5.6 cumulative fix 2 installed. Then, search for JR56391 on Fix Central (http://www.ibm.com/support/fixcentral): 1. Select IBM Business Process Manager with your edition from the product selector, the installed version to the fix pack level, and your platform, and then click Continue. 2. Select APAR or SPR, enter JR56391, and click Continue. When you download fix packages, ensure that you also download the readme file for each fix. Review each readme file for additional installation instructions and information about the fix.
Reported component name
Reported component ID
NoSpecatt / Xsystem
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID
Applicable component levels