FKIE_CVE-2016-9693
Vulnerability from fkie_nvd - Published: 2017-03-07 17:59 - Updated: 2025-04-20 01:37
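Severity: MEDIUM. CVSS v3.0 base score 6.1 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L); CVSS v2 base score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P). The two NVD vectors in the record below disagree on attack vector (LOCAL in v3.0, NETWORK in v2); both require user interaction.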
Summary
IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42264DE4-CEED-4FA5-8C77-82BF9A55F3F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:advanced:*:*:*",
"matchCriteriaId": "91BDDE54-95C6-4E95-9427-D83E61355E3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:express:*:*:*",
"matchCriteriaId": "A7B3E6D1-ADB3-4709-9E02-779EAA7A05E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:standard:*:*:*",
"matchCriteriaId": "1D338AF3-8FE6-4E51-B961-344E157EECFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E78ECD-6FFA-4AA0-B8B4-F9C002D6F8EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:advanced:*:*:*",
"matchCriteriaId": "8057C7D0-978D-490B-BE80-597A2CB27A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:express:*:*:*",
"matchCriteriaId": "16617000-4388-43EF-AE14-8C108068155F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:standard:*:*:*",
"matchCriteriaId": "E4B6A964-F948-4FAA-A6C7-41641AF12504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAC02B89-813E-4B3D-B518-6565BE06C575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:advanced:*:*:*",
"matchCriteriaId": "3DEBE193-CDE1-406C-9042-4085AA0EED8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:express:*:*:*",
"matchCriteriaId": "05B6C389-9332-4C33-A3AD-270A54AC564E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:standard:*:*:*",
"matchCriteriaId": "07630F25-A03C-401D-A16A-51B63014C963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06DFA125-9D52-4C16-9946-DB8D43700415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:advanced:*:*:*",
"matchCriteriaId": "EF781F2F-05FB-4DBD-8BC1-98A630CD375A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:express:*:*:*",
"matchCriteriaId": "17E42B0A-0947-4799-993F-CBF8A84EBD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:standard:*:*:*",
"matchCriteriaId": "E95968B6-FF99-4234-9EC7-6EAA9C7DA753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "613CC0CD-083E-439A-9A53-777E69CDE2DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:advanced:*:*:*",
"matchCriteriaId": "0F1442C9-ED96-40C5-BE20-987C928BAD9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:express:*:*:*",
"matchCriteriaId": "50B6287C-5A45-46B7-A685-93D1CBA0CC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:standard:*:*:*",
"matchCriteriaId": "3693DBD8-F30F-44D0-A154-4C268120D7C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "161542A0-E919-4105-AD4F-C881ACF8D26B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:advanced:*:*:*",
"matchCriteriaId": "E71AC948-9F71-403E-8035-172D5F667B54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:express:*:*:*",
"matchCriteriaId": "FE68791B-B7AE-4715-810E-0C278E5C363F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:standard:*:*:*",
"matchCriteriaId": "37281A0A-3BE1-4B22-840F-65CA7B8AB360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8D1DC9-CB5E-4627-8689-B5FA7C5DE1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:advanced:*:*:*",
"matchCriteriaId": "E77872E9-D66C-47FF-AA1D-7764D65997A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:express:*:*:*",
"matchCriteriaId": "00CC8270-5ABE-428C-9090-16EC8298E50C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:standard:*:*:*",
"matchCriteriaId": "446C4FEE-DDB7-41C5-BC9B-7E6B08B074BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "32504DEB-7391-4452-BA2E-409959B24222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:*",
"matchCriteriaId": "7B3D03C8-B7F4-43AF-9270-555507AAC527",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:express:*:*:*",
"matchCriteriaId": "A05F59A1-3063-45ED-B1E8-AABC4FC0A807",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:standard:*:*:*",
"matchCriteriaId": "3FC25EB0-CA22-4176-8752-8BD26B111F2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D8F74820-DF10-499E-AF7A-93AC285843D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:*",
"matchCriteriaId": "E69BBEFA-B321-4085-AEA1-BAE2B0B54524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:express:*:*:*",
"matchCriteriaId": "60F679C8-74FB-40F5-A5B8-FBD6BF424379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:standard:*:*:*",
"matchCriteriaId": "7C097D2E-5BB7-4979-A755-E928094A92C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4C12274F-495C-4E81-A317-E66916B0A2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:*",
"matchCriteriaId": "BE4F0900-83C3-4228-9F3B-2664C1C816F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:express:*:*:*",
"matchCriteriaId": "0DDE4CB3-1162-4A51-8EBA-2A25E8B6898B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:standard:*:*:*",
"matchCriteriaId": "021FABA7-6B97-4511-8E07-B7A34A387493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "989C89DF-C6CB-45C9-9592-30A83896BD71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:advanced:*:*:*",
"matchCriteriaId": "9942841D-3E36-4159-AA5A-B534CB701B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:express:*:*:*",
"matchCriteriaId": "8FE10C1D-2077-435A-8C14-2746A685681C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:standard:*:*:*",
"matchCriteriaId": "F6E31F25-6E71-4A5C-A940-0A935AF19035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "783C2592-9669-4C75-9E63-C834482F6F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:*",
"matchCriteriaId": "7A1FCB4E-DC46-4780-9017-1E8E789E785F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:express:*:*:*",
"matchCriteriaId": "EE43BACD-D187-49C9-85D1-51E3F71D2274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:standard:*:*:*",
"matchCriteriaId": "F646DABB-4C10-4308-8169-EC42C358CF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06BDD35B-B0C3-4B90-87E3-19EF561D3722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:advanced:*:*:*",
"matchCriteriaId": "19B921EC-DE16-4A2B-BB29-B02A9B416470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:express:*:*:*",
"matchCriteriaId": "8578A0D7-3330-4F79-A934-4940673383A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:standard:*:*:*",
"matchCriteriaId": "CC44A2D4-F3D3-4D98-8FDC-8274E1725800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7021B830-3EE4-446D-8D87-BBD2097A023E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:advanced:*:*:*",
"matchCriteriaId": "00DC7609-2519-4DB5-AA5E-A1CFCE0DA5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:express:*:*:*",
"matchCriteriaId": "80D84C06-5E93-4DA4-A333-D3CECB7D74E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:standard:*:*:*",
"matchCriteriaId": "DF7E8429-8750-4D3C-90E1-829031C7C306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED3C32B-7397-434D-B084-E92C7C6E2FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:advanced:*:*:*",
"matchCriteriaId": "66A4A455-A75B-4363-AC6D-DAD50287EB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:express:*:*:*",
"matchCriteriaId": "D06A925E-C739-48A9-B211-36DE458A7898",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:standard:*:*:*",
"matchCriteriaId": "12DA4BA4-D130-48C2-BCD0-8D76E0BADDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4B8D43-BD99-499E-B0D4-27BFC997DF70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:advanced:*:*:*",
"matchCriteriaId": "66327978-D257-4ADE-8AEA-22547B0E4541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:express:*:*:*",
"matchCriteriaId": "ADE7414F-BF17-4415-95C3-FDBC2BC5C7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:standard:*:*:*",
"matchCriteriaId": "E590C058-EC80-48FB-87C7-3F84E2BC07E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E245DD24-5C1E-4CF0-993D-0D79A5152594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:advanced:*:*:*",
"matchCriteriaId": "8F88ED9A-7D7F-4C1F-87AA-555C941DE583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:express:*:*:*",
"matchCriteriaId": "8736CAA3-7C69-4F8D-936B-2B7B3B5DEED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:standard:*:*:*",
"matchCriteriaId": "CD9103EF-29E7-48E6-ADF4-66D74C3FF427",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere:7.2:*:*:*:lombardi:*:*:*",
"matchCriteriaId": "2D934094-9D9F-4CBC-94F0-82A503D35EBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere:7.2.0.1:*:*:*:lombardi:*:*:*",
"matchCriteriaId": "96510E62-70F4-40AB-8DE4-220C833CB306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere:7.2.0.2:*:*:*:lombardi:*:*:*",
"matchCriteriaId": "041B6ACD-FE0B-4EE0-BCF4-10D4555ED9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere:7.2.0.3:*:*:*:lombardi:*:*:*",
"matchCriteriaId": "7D75BE32-0A9B-448F-BE20-E80BD599A14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere:7.2.0.4:*:*:*:lombardi:*:*:*",
"matchCriteriaId": "5B80E411-3F24-4BF0-8B3F-116E0C998E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere:7.2.0.5:*:*:*:lombardi:*:*:*",
"matchCriteriaId": "51B1CAA3-E2AA-4284-A0DC-19E9C76A8149",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim\u0027s machine. IBM Reference #: 1998655."
},
{
"lang": "es",
"value": "IBM Business Process Manager 7.5, 8.0 y 8.5 tiene una capacidad de descarga de archivos vulnerable a un conjunto de ataques. Por \u00faltimo, un atacante puede provocar que una v\u00edctima no autenticada se descargue una carga \u00fatil maliciosa. Una restricci\u00f3n de tipo de archivo existente puede eludirse para que la carga \u00fatil pueda considerarse ejecutable y provocar da\u00f1os en la m\u00e1quina de la v\u00edctima. Referencia de IBM #: 1998655."
}
],
"id": "CVE-2016-9693",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-07T17:59:00.210",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/98074"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg21998655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/98074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg21998655"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.