{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-13T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-03-23T23:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "JR50457", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50457"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693270"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-0103", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "JR50457", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50457"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21693270", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693270"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-0103", "datePublished": "2015-03-24T00:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2015-03-23T23:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "E71AC948-9F71-403E-8035-172D5F667B54", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:express:*:*:*", "matchCriteriaId": "FE68791B-B7AE-4715-810E-0C278E5C363F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:standard:*:*:*", "matchCriteriaId": "37281A0A-3BE1-4B22-840F-65CA7B8AB360", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "E77872E9-D66C-47FF-AA1D-7764D65997A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:express:*:*:*", "matchCriteriaId": "00CC8270-5ABE-428C-9090-16EC8298E50C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:standard:*:*:*", "matchCriteriaId": "446C4FEE-DDB7-41C5-BC9B-7E6B08B074BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:*", "matchCriteriaId": "7B3D03C8-B7F4-43AF-9270-555507AAC527", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:express:*:*:*", "matchCriteriaId": "A05F59A1-3063-45ED-B1E8-AABC4FC0A807", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:standard:*:*:*", "matchCriteriaId": "3FC25EB0-CA22-4176-8752-8BD26B111F2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:*", "matchCriteriaId": "E69BBEFA-B321-4085-AEA1-BAE2B0B54524", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:express:*:*:*", "matchCriteriaId": "60F679C8-74FB-40F5-A5B8-FBD6BF424379", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:standard:*:*:*", "matchCriteriaId": "7C097D2E-5BB7-4979-A755-E928094A92C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:*", "matchCriteriaId": "BE4F0900-83C3-4228-9F3B-2664C1C816F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:express:*:*:*", "matchCriteriaId": "0DDE4CB3-1162-4A51-8EBA-2A25E8B6898B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:standard:*:*:*", "matchCriteriaId": "021FABA7-6B97-4511-8E07-B7A34A387493", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "9942841D-3E36-4159-AA5A-B534CB701B6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:express:*:*:*", "matchCriteriaId": "8FE10C1D-2077-435A-8C14-2746A685681C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:standard:*:*:*", "matchCriteriaId": "F6E31F25-6E71-4A5C-A940-0A935AF19035", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:*", "matchCriteriaId": "7A1FCB4E-DC46-4780-9017-1E8E789E785F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:express:*:*:*", "matchCriteriaId": "EE43BACD-D187-49C9-85D1-51E3F71D2274", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:standard:*:*:*", "matchCriteriaId": "F646DABB-4C10-4308-8169-EC42C358CF41", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:advanced:*:*:*", "matchCriteriaId": "00DC7609-2519-4DB5-AA5E-A1CFCE0DA5A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:express:*:*:*", "matchCriteriaId": "80D84C06-5E93-4DA4-A333-D3CECB7D74E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:standard:*:*:*", "matchCriteriaId": "DF7E8429-8750-4D3C-90E1-829031C7C306", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en el portal de procesos en IBM Business Process Manager (BPM) 8.0 hasta 8.0.1.3, 8.5.0 hasta 8.5.0.1, y 8.5.5 hasta 8.5.5.0 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de campos de datos no especificados."}], "id": "CVE-2015-0103", "lastModified": "2015-03-24T14:46:36.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-03-24T00:59:00.077", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50457"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21693270"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}