Direct links to fixes
APAR status
Closed as program error.
Error description
CVEID: CVE-2013-5462
DESCRIPTION: The IBM Content Navigator application URL can be opened within a frame in a web page. In this context it is possible for the containing parent frame to record user input to the contained frame, capturing sensitive information like login credentials. The attack requires that a user be tricked into opening a page provided by an attacker.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/88358 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Local fix
Problem summary
No additional information is available.
PRODUCTS AFFECTED
IBM Business Process Manager (BPM) Advanced
IBM BPM Standard
IBM BPM Express
Problem conclusion
A fix is available for IBM BPM V8.5.5.0 that updates the vulnerable embedded component to a fixed version. No other versions of IBM BPM are affected.
Temporary fix
Comments
APAR Information
APAR number
JR57282
Reported component name
BPM STANDARD
Reported component ID
5725C9500
Reported release
855
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-01-31
Closed date
2017-02-24
Last modified date
2017-02-24
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
BPM STANDARD
Fixed component ID
5725C9500
Applicable component levels
R855 PSY
UP
Document Information
Modified date:
16 October 2021