Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Business_process_manager
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 88 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-09-26 | CVE-2017-1530 | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130409. | Business_process_manager | 5.4 | ||
| 2017-09-26 | CVE-2017-1527 | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156. | Business_process_manager | 8.1 | ||
| 2017-09-26 | CVE-2017-1425 | IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127478. | Business_process_manager | 5.4 | ||
| 2017-09-25 | CVE-2017-1424 | IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477. | Business_process_manager | 5.4 | ||
| 2017-09-25 | CVE-2017-1346 | IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461. | Business_process_manager | 2.5 | ||
| 2017-05-22 | CVE-2017-1159 | IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122891. | Business_process_manager | 5.4 | ||
| 2017-06-08 | CVE-2017-1140 | IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Business_process_manager | 5.4 | ||
| 2017-02-01 | CVE-2016-9731 | IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Business_process_manager | 5.4 | ||
| 2017-03-07 | CVE-2016-9693 | IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655. | Business_process_manager, Websphere | 6.1 | ||
| 2016-10-05 | CVE-2016-5901 | Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | Business_process_manager | 5.4 |