CVE-2015-0106
https://notcve.org/view.php?id=CVE-2015-0106
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Business Process Manager (BPM) 7.5.x hasta 7.5.1.2, 8.0 hasta 8.0.1.3, 8.5.0 hasta 8.5.0.1, y 8.5.5 hasta 8.5.5.0 y WebSphere Lombardi Edition (WLE) 7.2.x hasta 7.2.0.5 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR50795 http://www-01.ibm.com/support/docview.wss?uid=swg21694935 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-0105
https://notcve.org/view.php?id=CVE-2015-0105
Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el portal de procesos en IBM Business Process Manager (BPM) 8.0 hasta 8.0.1.3, 8.5.0 hasta 8.5.0.1, y 8.5.5 hasta 8.5.5.0 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR50162 http://www-01.ibm.com/support/docview.wss?uid=swg1JR50607 http://www-01.ibm.com/support/docview.wss?uid=swg21694937 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-6139
https://notcve.org/view.php?id=CVE-2014-6139
The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter. La API Search REST en IBM Business Process Manager 8.0.1.3, 8.5.0.1, y 8.5.5.0 permite a usuarios remotos autenticados evadir las restricciones de acceso y realizar búsquedas de instancias de tareas y instancias de procesos mediante la especificación de un valor falso para el parámetro filterByCurrentUser. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR51391 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-8914
https://notcve.org/view.php?id=CVE-2014-8914
Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8913. Vulnerabilidad XSS en Process Portal en IBM Business Process Manager 8.0 a través de 8.0.1.3, 8.5.0 a través de 8.5.0.1, y 8.5.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL modificada, una vulnerabilidad diferente a CVE-2014-8913. • http://secunia.com/advisories/62205 http://www-01.ibm.com/support/docview.wss?uid=swg1JR51836 http://www-01.ibm.com/support/docview.wss?uid=swg1JR52103 http://www-01.ibm.com/support/docview.wss?uid=swg21693239 http://www.securitytracker.com/id/1031614 https://exchange.xforce.ibmcloud.com/vulnerabilities/99285 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-8913
https://notcve.org/view.php?id=CVE-2014-8913
Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914. Vulnerabilidad XSS en the Process Portal en IBM Business Process Manager 8.0 a través 8.0.1.3, 8.5.0 a través de 8.5.0.1, y 8.5.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL modificada, una vulnerabilidad diferente a CVE-2014-8914. • http://secunia.com/advisories/62205 http://www-01.ibm.com/support/docview.wss?uid=swg1JR51742 http://www-01.ibm.com/support/docview.wss?uid=swg21693239 http://www.securitytracker.com/id/1031614 https://exchange.xforce.ibmcloud.com/vulnerabilities/99284 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •