Direct links to fixes
Closed as program error.
A REST service framework used in IBM BPM's WebViewer component fails to set the Content-Type header for HTTP 500 error responses. IE 11 has been observed to execute script included in an error response even with content sniffing disabled. This issue affects IBM BPM Process Center and Process Server deployments.
No additional information is available.
A fix for IBM BPM V18.104.22.168, V22.214.171.124, V126.96.36.199 and V188.8.131.52 is available that properly sets HTTP response headers to prevent browsers from executing injected script.
Reported component name
Reported component ID
NoSpecatt / Xsystem
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID
Applicable component levels
31 March 2017