N/A

IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655.

N/A

N/A

IBM Business Process Manager 安全漏洞

IBM Business Process Manager（BPM）是美国IBM公司的一套综合的业务流程管理平台，它为业务的流程建模、组装、监控和部署提供了一系列的相关工具。WebSphere Lombardi Edition（WLE）是BPM产品的前身。 IBM BPM中存在安全漏洞。攻击者可借助特制的URL利用该漏洞将恶意的内容下载到用户设备上。以下产品和版本受到影响：IBM BPM 7.5.0.0版本至7.5.1.2版本，8.0.0.0版本至8.0.1.3版本，8.5.0.0版本至8.5.0.2版本，

N/A

N/A