CVSS: 2.5EPSS: 0%CPEs: 72EXPL: 0CVE-2017-1346
https://notcve.org/view.php?id=CVE-2017-1346
25 Sep 2017 — IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461. IBM Business Process Manager 7.5, 8.0 y 8.5 guarda temporalmente los archivos en una carpeta temporal durante las instalaciones offline, los cuales podrían ser leídos por un usuario local en un corto espacio de tiempo. IBM X-Force ID: 126461. • http://www.ibm.com/support/docview.wss?uid=swg22004654 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2015-0110
https://notcve.org/view.php?id=CVE-2015-0110
15 Sep 2017 — IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL. IBM Business Process Manager (BPM) 7.5.x, 8.0.x y 8.5.x y WebSphere Lombardi Edition (WLE) 7.2.x permiten que usuarios autenticados remotos omitan las restricciones de acceso establecidas en tipos de servicios internos mediante vectores relacionados co... • http://www.securityfocus.com/bid/73274 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 39EXPL: 0CVE-2015-0101
https://notcve.org/view.php?id=CVE-2015-0101
28 Aug 2017 — Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; and IBM Business Process Manager Advanced 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en IBM Business Process Manager Standard 7.5.x anterior a la 7.5, 8.0.x anterior a la 8.0.1, 8.5.x anterior a la 8.5... • http://www-01.ibm.com/support/docview.wss?uid=swg21693134 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 19EXPL: 0CVE-2017-1159
https://notcve.org/view.php?id=CVE-2017-1159
22 May 2017 — IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122891. Business Process Manager ... • http://www.ibm.com/support/docview.wss?uid=swg22000253 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.8EPSS: 0%CPEs: 74EXPL: 0CVE-2016-9693
https://notcve.org/view.php?id=CVE-2016-9693
07 Mar 2017 — IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655. IBM Business Process Manager 7.5, 8.0 y 8.5 tiene una capacidad de descarga de archivos vulnerable a un conjunto de ataques. • http://www.securityfocus.com/bid/98074 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 68EXPL: 0CVE-2016-3056
https://notcve.org/view.php?id=CVE-2016-3056
14 Oct 2016 — Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users to inject arbitrary web script or HTML via crafted content. Vulnerabilidad de XSS en Business Space en IBM Business Process Manager 7.5 hasta la versión 7.5.1.2, 8.0 hasta la versión 8.0.1.3 y 8.5 en versiones anteriores a 8.5.7.0 CF2016.09 permite a usuarios remotos autenticados inyectar secuencias de comandos... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR56300 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 0CVE-2015-7454
https://notcve.org/view.php?id=CVE-2015-7454
21 Mar 2016 — Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors. Business Space en IBM WebSphere Process Server 6.1.2.0 hasta la versión 7.0.0.5 y Business Process Manager Advanced 7.5.x hasta la versión 7.5.... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR54678 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 54EXPL: 0CVE-2015-7441
https://notcve.org/view.php?id=CVE-2015-7441
01 Jan 2016 — Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. Remote Artifact Loader (RAL) en IBM WebSphere Process Server 7 y Business Process Manager Advanced 7.5 hasta la versión 7.5.1.2, 8.0 ... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR54760 • CWE-17: DEPRECATED: Code •
CVSS: 6.5EPSS: 0%CPEs: 51EXPL: 0CVE-2015-1905
https://notcve.org/view.php?id=CVE-2015-1905
21 Jul 2015 — The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors. Vulnerabilidad en la REST API en IBM Business Process Manager (BPM) en sus versiones 7.5.x hasta la 7.5.1.2, 8.0.x hasta la 8.0.1.3, 8.5.0 hasta la 8.5.0.1, 8.5.5 hasta la 8.5.5.0 y 8.5.6 hasta la 8.5.6.0 permite a... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR52772 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 55EXPL: 0CVE-2015-1906
https://notcve.org/view.php?id=CVE-2015-1906
21 Jul 2015 — Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la REST API en IBM Business Process Manager (BPM) en sus versiones 7.5.x hasta la 7.5.1.2, 8.0.x hasta la 8.0.1.3, 8.5.0 hasta la 8.5.0.1, 8.5.5 hasta la 8.5.5.0 y 8.5.6 hasta la 8.5... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR52772 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •