CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0CVE-2018-1848
https://notcve.org/view.php?id=CVE-2018-1848
14 Dec 2018 — IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150947. IBM Business Automation Workflow en sus versiones 18.0.0.0 y 18.0.0.1 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en l... • http://www.securityfocus.com/bid/106217 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 80EXPL: 0CVE-2017-1756
https://notcve.org/view.php?id=CVE-2017-1756
30 Mar 2018 — IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856. La versión 8.6 de IBM Business Process Manager permite que las páginas web se almacenen localmente, lo que permite que sean leídas por otro usuario en el sistema. IBM X-Force ID: 135856. • http://www.ibm.com/support/docview.wss?uid=swg22010796 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2015-0110
https://notcve.org/view.php?id=CVE-2015-0110
15 Sep 2017 — IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL. IBM Business Process Manager (BPM) 7.5.x, 8.0.x y 8.5.x y WebSphere Lombardi Edition (WLE) 7.2.x permiten que usuarios autenticados remotos omitan las restricciones de acceso establecidas en tipos de servicios internos mediante vectores relacionados co... • http://www.securityfocus.com/bid/73274 • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 0%CPEs: 74EXPL: 0CVE-2016-9693
https://notcve.org/view.php?id=CVE-2016-9693
07 Mar 2017 — IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655. IBM Business Process Manager 7.5, 8.0 y 8.5 tiene una capacidad de descarga de archivos vulnerable a un conjunto de ataques. • http://www.securityfocus.com/bid/98074 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 57EXPL: 0CVE-2015-1884
https://notcve.org/view.php?id=CVE-2015-1884
28 Jun 2015 — Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL. Vulnerabilidad de salto de directorio en IBM Business Process Manager (BPM) 7.5.x hasta 7.5.1.2, 8.0.x hasta 8.0.1.3, 8.5.0 hasta 8.5.0.1, y 8.5.5 hasta 8.5.5.0 y WebSphere Lombardi Edi... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR52957 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 57EXPL: 0CVE-2015-0193
https://notcve.org/view.php?id=CVE-2015-0193
30 May 2015 — Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL that triggers an error condition. Vulnerabilidad de XSS en IBM Business Process Manager (BPM) 7.5.x hasta 7.5.1.2, 8.0.x hasta 8.0.1.3, y 8.5.x hasta 8.5.5.0 y WebSphere Lombardi Edition (WLE) 7.2.x hasta 7.2.0.... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR52626 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 61EXPL: 0CVE-2015-0156
https://notcve.org/view.php?id=CVE-2015-0156
25 May 2015 — Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Business Process Manager (BPM) 7.5.x hasta 7.5.1.2, 8.0.x hasta 8.0.1.3, y 8.5.x hasta 8.5.6.0 y WebSphere Lombardi Edition (WLE) 7.2.x hasta 7.2.0.5 permite a usuarios remotos aute... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT06812 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •