CVE-2016-0227 - Vulnerability Details

Vendors	Products
Ibm	Business Process Manager

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg1JR55152
http://www-01.ibm.com/support/docview.wss?uid=swg21978058
http://www.securitytracker.com/id/1035175

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-03-01T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-01T15:57:02", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "1035175", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035175"}, {"name": "JR55152", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55152"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978058"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2016-0227", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1035175", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035175"}, {"name": "JR55152", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55152"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21978058", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978058"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:15:23.381Z"}, "title": "CVE Program Container", "references": [{"name": "1035175", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035175"}, {"name": "JR55152", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55152"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978058"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2016-0227", "datePublished": "2016-03-03T22:00:00", "dateReserved": "2015-12-08T00:00:00", "dateUpdated": "2024-08-05T22:15:23.381Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2016-03-01T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2016-12-01T15:57:02 (string)

orgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

shortName : ibm (string)

}

references : [ »

0 : { »

name : 1035175 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1035175 (string)

}

1 : { »

name : JR55152 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1JR55152 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21978058 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@us.ibm.com (string)

ID : CVE-2016-0227 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 1035175 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1035175 (string)

}

1 : { »

name : JR55152 (string)

refsource : AIXAPAR (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg1JR55152 (string)

}

2 : { »

name : http://www-01.ibm.com/support/docview.wss?uid=swg21978058 (string)

refsource : CONFIRM (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg21978058 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T22:15:23.381Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 1035175 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1035175 (string)

}

1 : { »

name : JR55152 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_AIXAPAR (string)

2 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1JR55152 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21978058 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

assignerShortName : ibm (string)

cveId : CVE-2016-0227 (string)

datePublished : 2016-03-03T22:00:00 (string)

dateReserved : 2015-12-08T00:00:00 (string)

dateUpdated : 2024-08-05T22:15:23.381Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "E71AC948-9F71-403E-8035-172D5F667B54", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:express:*:*:*", "matchCriteriaId": "FE68791B-B7AE-4715-810E-0C278E5C363F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:standard:*:*:*", "matchCriteriaId": "37281A0A-3BE1-4B22-840F-65CA7B8AB360", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "E77872E9-D66C-47FF-AA1D-7764D65997A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:express:*:*:*", "matchCriteriaId": "00CC8270-5ABE-428C-9090-16EC8298E50C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:standard:*:*:*", "matchCriteriaId": "446C4FEE-DDB7-41C5-BC9B-7E6B08B074BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:*", "matchCriteriaId": "7B3D03C8-B7F4-43AF-9270-555507AAC527", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:express:*:*:*", "matchCriteriaId": "A05F59A1-3063-45ED-B1E8-AABC4FC0A807", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:standard:*:*:*", "matchCriteriaId": "3FC25EB0-CA22-4176-8752-8BD26B111F2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:*", "matchCriteriaId": "E69BBEFA-B321-4085-AEA1-BAE2B0B54524", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:express:*:*:*", "matchCriteriaId": "60F679C8-74FB-40F5-A5B8-FBD6BF424379", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:standard:*:*:*", "matchCriteriaId": "7C097D2E-5BB7-4979-A755-E928094A92C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:*", "matchCriteriaId": "BE4F0900-83C3-4228-9F3B-2664C1C816F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:express:*:*:*", "matchCriteriaId": "0DDE4CB3-1162-4A51-8EBA-2A25E8B6898B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:standard:*:*:*", "matchCriteriaId": "021FABA7-6B97-4511-8E07-B7A34A387493", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "9942841D-3E36-4159-AA5A-B534CB701B6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:express:*:*:*", "matchCriteriaId": "8FE10C1D-2077-435A-8C14-2746A685681C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:standard:*:*:*", "matchCriteriaId": "F6E31F25-6E71-4A5C-A940-0A935AF19035", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:*", "matchCriteriaId": "7A1FCB4E-DC46-4780-9017-1E8E789E785F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:express:*:*:*", "matchCriteriaId": "EE43BACD-D187-49C9-85D1-51E3F71D2274", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:standard:*:*:*", "matchCriteriaId": "F646DABB-4C10-4308-8169-EC42C358CF41", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:advanced:*:*:*", "matchCriteriaId": "19B921EC-DE16-4A2B-BB29-B02A9B416470", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:express:*:*:*", "matchCriteriaId": "8578A0D7-3330-4F79-A934-4940673383A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:standard:*:*:*", "matchCriteriaId": "CC44A2D4-F3D3-4D98-8FDC-8274E1725800", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "00DC7609-2519-4DB5-AA5E-A1CFCE0DA5A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:express:*:*:*", "matchCriteriaId": "80D84C06-5E93-4DA4-A333-D3CECB7D74E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:standard:*:*:*", "matchCriteriaId": "DF7E8429-8750-4D3C-90E1-829031C7C306", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "66A4A455-A75B-4363-AC6D-DAD50287EB99", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:express:*:*:*", "matchCriteriaId": "D06A925E-C739-48A9-B211-36DE458A7898", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:standard:*:*:*", "matchCriteriaId": "12DA4BA4-D130-48C2-BCD0-8D76E0BADDBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:advanced:*:*:*", "matchCriteriaId": "66327978-D257-4ADE-8AEA-22547B0E4541", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:express:*:*:*", "matchCriteriaId": "ADE7414F-BF17-4415-95C3-FDBC2BC5C7A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:standard:*:*:*", "matchCriteriaId": "E590C058-EC80-48FB-87C7-3F84E2BC07E1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."}, {"lang": "es", "value": "Vulnerabilidad de XSS en la implementaci\u00f3n de control del documento-listado en IBM Business Process Manager (BPM) 8.0 hasta la versi\u00f3n 8.0.1.3, 8.5.0 hasta la versi\u00f3n 8.5.0.2 y 8.5.5 y 8.5.6 hasta la versi\u00f3n 8.5.6.2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."}], "id": "CVE-2016-0227", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-03-03T22:59:10.537", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55152"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978058"}, {"source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1035175"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55152"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978058"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035175"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:advanced:*:*:* (string)

matchCriteriaId : E71AC948-9F71-403E-8035-172D5F667B54 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:express:*:*:* (string)

matchCriteriaId : FE68791B-B7AE-4715-810E-0C278E5C363F (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:standard:*:*:* (string)

matchCriteriaId : 37281A0A-3BE1-4B22-840F-65CA7B8AB360 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:advanced:*:*:* (string)

matchCriteriaId : E77872E9-D66C-47FF-AA1D-7764D65997A8 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:express:*:*:* (string)

matchCriteriaId : 00CC8270-5ABE-428C-9090-16EC8298E50C (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:standard:*:*:* (string)

matchCriteriaId : 446C4FEE-DDB7-41C5-BC9B-7E6B08B074BC (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:* (string)

matchCriteriaId : 7B3D03C8-B7F4-43AF-9270-555507AAC527 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:express:*:*:* (string)

matchCriteriaId : A05F59A1-3063-45ED-B1E8-AABC4FC0A807 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:standard:*:*:* (string)

matchCriteriaId : 3FC25EB0-CA22-4176-8752-8BD26B111F2C (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:* (string)

matchCriteriaId : E69BBEFA-B321-4085-AEA1-BAE2B0B54524 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:express:*:*:* (string)

matchCriteriaId : 60F679C8-74FB-40F5-A5B8-FBD6BF424379 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:standard:*:*:* (string)

matchCriteriaId : 7C097D2E-5BB7-4979-A755-E928094A92C1 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:* (string)

matchCriteriaId : BE4F0900-83C3-4228-9F3B-2664C1C816F9 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:express:*:*:* (string)

matchCriteriaId : 0DDE4CB3-1162-4A51-8EBA-2A25E8B6898B (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:standard:*:*:* (string)

matchCriteriaId : 021FABA7-6B97-4511-8E07-B7A34A387493 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:advanced:*:*:* (string)

matchCriteriaId : 9942841D-3E36-4159-AA5A-B534CB701B6A (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:express:*:*:* (string)

matchCriteriaId : 8FE10C1D-2077-435A-8C14-2746A685681C (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:standard:*:*:* (string)

matchCriteriaId : F6E31F25-6E71-4A5C-A940-0A935AF19035 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:* (string)

matchCriteriaId : 7A1FCB4E-DC46-4780-9017-1E8E789E785F (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:express:*:*:* (string)

matchCriteriaId : EE43BACD-D187-49C9-85D1-51E3F71D2274 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:standard:*:*:* (string)

matchCriteriaId : F646DABB-4C10-4308-8169-EC42C358CF41 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:advanced:*:*:* (string)

matchCriteriaId : 19B921EC-DE16-4A2B-BB29-B02A9B416470 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:express:*:*:* (string)

matchCriteriaId : 8578A0D7-3330-4F79-A934-4940673383A4 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:standard:*:*:* (string)

matchCriteriaId : CC44A2D4-F3D3-4D98-8FDC-8274E1725800 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:advanced:*:*:* (string)

matchCriteriaId : 00DC7609-2519-4DB5-AA5E-A1CFCE0DA5A1 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:express:*:*:* (string)

matchCriteriaId : 80D84C06-5E93-4DA4-A333-D3CECB7D74E4 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:standard:*:*:* (string)

matchCriteriaId : DF7E8429-8750-4D3C-90E1-829031C7C306 (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:advanced:*:*:* (string)

matchCriteriaId : 66A4A455-A75B-4363-AC6D-DAD50287EB99 (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:express:*:*:* (string)

matchCriteriaId : D06A925E-C739-48A9-B211-36DE458A7898 (string)

vulnerable : true (boolean)

}

29 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:standard:*:*:* (string)

matchCriteriaId : 12DA4BA4-D130-48C2-BCD0-8D76E0BADDBA (string)

vulnerable : true (boolean)

}

30 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:advanced:*:*:* (string)

matchCriteriaId : 66327978-D257-4ADE-8AEA-22547B0E4541 (string)

vulnerable : true (boolean)

}

31 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:express:*:*:* (string)

matchCriteriaId : ADE7414F-BF17-4415-95C3-FDBC2BC5C7A2 (string)

vulnerable : true (boolean)

}

32 : { »

criteria : cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:standard:*:*:* (string)

matchCriteriaId : E590C058-EC80-48FB-87C7-3F84E2BC07E1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. (string)

}

1 : { »

lang : es (string)

value : Vulnerabilidad de XSS en la implementación de control del documento-listado en IBM Business Process Manager (BPM) 8.0 hasta la versión 8.0.1.3, 8.5.0 hasta la versión 8.5.0.2 y 8.5.5 y 8.5.6 hasta la versión 8.5.6.2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. (string)

}

]

id : CVE-2016-0227 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 3.5 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:S/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 6.8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 2.3 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2016-03-03T22:59:10.537 (string)

references : [ »

0 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1JR55152 (string)

}

1 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21978058 (string)

}

2 : { »

source : psirt@us.ibm.com (string)

url : http://www.securitytracker.com/id/1035175 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg1JR55152 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21978058 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1035175 (string)

}

]

sourceIdentifier : psirt@us.ibm.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object