File Download Vulnerability in IBM Business Process Manager 7.5, 8.0, and 8.5

File Download Vulnerability in IBM Business Process Manager 7.5, 8.0, and 8.5

CVE-2016-9693 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655.

Learn more about our Web Application Penetration Testing UK.