Page 13 of 75 results (0.012 seconds)

CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0

The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter. La API Search REST en IBM Business Process Manager 8.0.1.3, 8.5.0.1, y 8.5.5.0 permite a usuarios remotos autenticados evadir las restricciones de acceso y realizar búsquedas de instancias de tareas y instancias de procesos mediante la especificación de un valor falso para el parámetro filterByCurrentUser. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR51391 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8913. Vulnerabilidad XSS en Process Portal en IBM Business Process Manager 8.0 a través de 8.0.1.3, 8.5.0 a través de 8.5.0.1, y 8.5.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL modificada, una vulnerabilidad diferente a CVE-2014-8913. • http://secunia.com/advisories/62205 http://www-01.ibm.com/support/docview.wss?uid=swg1JR51836 http://www-01.ibm.com/support/docview.wss?uid=swg1JR52103 http://www-01.ibm.com/support/docview.wss?uid=swg21693239 http://www.securitytracker.com/id/1031614 https://exchange.xforce.ibmcloud.com/vulnerabilities/99285 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914. Vulnerabilidad XSS en the Process Portal en IBM Business Process Manager 8.0 a través 8.0.1.3, 8.5.0 a través de 8.5.0.1, y 8.5.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL modificada, una vulnerabilidad diferente a CVE-2014-8914. • http://secunia.com/advisories/62205 http://www-01.ibm.com/support/docview.wss?uid=swg1JR51742 http://www-01.ibm.com/support/docview.wss?uid=swg21693239 http://www.securitytracker.com/id/1031614 https://exchange.xforce.ibmcloud.com/vulnerabilities/99284 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0

Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el Inspector de Procesos en IBM Business Process Manager (BPM) 8.0.x hasta 8.0.1.3 y 8.5.x hasta 8.5.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR50241 http://www-01.ibm.com/support/docview.wss?uid=swg21690553 https://exchange.xforce.ibmcloud.com/vulnerabilities/98418 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0

The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit. La funcionalidad import/export en IBM Business Process Manager (BPM) 7.5.x hasta 7.5.1.2, 8.0.x hasta 8.0.1.3, y 8.5.x hasta 8.5.5 permite a usuarios remotos autenticados evadir las restricciones de acceso a través de una acción de proyecto para (1) una aplicación de proyecto o (2) una caja de herramientas. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR51286 http://www.ibm.com/support/docview.wss?uid=swg21690554 https://exchange.xforce.ibmcloud.com/vulnerabilities/95724 • CWE-264: Permissions, Privileges, and Access Controls •