CVE-2016-9693

MEDIUM

IBM Business Process Manager - Improper Input Validation

Title source: rule

Description

IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655.

References (2)

Scores

CVSS v3 6.1
EPSS 0.0018
EPSS Percentile 39.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Classification

CWE
CWE-20
Status published

Affected Products (50)

ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
ibm/business_process_manager
... and 35 more

Timeline

Published Mar 07, 2017
Tracked Since Feb 18, 2026