Direct links to fixes
Version 8.5.0 Fix Pack 2 for the IBM Business Process Manager products
Version 8.5 Refresh Pack 7 for the IBM Business Process Manager products
Closed as program error.
The IBM Business Process Manager (BPM) REST API is vulnerable to cross-site scripting because parameter values for controlling content types are insufficiently restricted . Also, authorizations for interactions with services that occur through REST APIs are insufficiently checked, causing another vulnerability.
No additional information is available.
A fix is available for IBM BPM that mends these vulnerabilities. On Fix Central (http://www.ibm.com/support/fixcentral), search for JR52772: 1. Select IBM Business Process Manager with your edition from the product selector, the installed version to the fix pack level, and your platform, and then click Continue. 2. Select APAR or SPR, enter JR52772, and click Continue. When you download fix packages, ensure that you also download the readme file for each fix. Review each readme file for additional installation instructions and information about the fix.
Reported component name
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID
Applicable component levels
14 October 2021