CVSS: 8.2EPSS: 0%CPEs: 17EXPL: 0CVE-2019-4424
https://notcve.org/view.php?id=CVE-2019-4424
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770. IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1 y 19.0.0.2 es vulnerable a un ataque de inyección de entidadexterna XML (XXE) al procesar datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/162770 https://www.ibm.com/support/docview.wss?uid=ibm10959537 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.7EPSS: 0%CPEs: 16EXPL: 0CVE-2019-4425
https://notcve.org/view.php?id=CVE-2019-4425
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771. IBM Business Automation Workflow 18.0.0.0, 18.0.0.1 y 18.0.0.2 podría permitir a un usuario obtener información altamente confidencial de otro usuario insertando enlaces en los que los usuarios desprevenidos harían clic. ID de IBM X-Force: 162771. • https://exchange.xforce.ibmcloud.com/vulnerabilities/162771 https://www.ibm.com/support/docview.wss?uid=ibm10959261 •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1999
https://notcve.org/view.php?id=CVE-2018-1999
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889. IBM Business Automation Workflow en las versiones 18.0.0.0, 18.0.0.1 y 18.0.0.2, podría revelar información confidencial de la versión sobre el servidor desde páginas de error que podrían ayudar a un atacante en futuros ataques contra el sistema. ID de IBM X-Force: 154889. • https://exchange.xforce.ibmcloud.com/vulnerabilities/154889 https://www.ibm.com/support/docview.wss?uid=ibm10870502 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2018-1885
https://notcve.org/view.php?id=CVE-2018-1885
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. IBM X-Force ID: 152020. IBM Business Automation Workflow en sus versiones 18.0.0.0.0, 18.0.0.1 y 18.0.0.0.2 podría permitir a un atacante no autenticado obtener información sensible, utilizando una petición HTTP especialmente comprimida. IBM X-Force ID: 152020. • http://www.securityfocus.com/bid/107863 https://exchange.xforce.ibmcloud.com/vulnerabilities/152020 https://www.ibm.com/support/docview.wss?uid=ibm10878106 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0CVE-2018-1848
https://notcve.org/view.php?id=CVE-2018-1848
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150947. IBM Business Automation Workflow en sus versiones 18.0.0.0 y 18.0.0.1 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.securityfocus.com/bid/106217 https://exchange.xforce.ibmcloud.com/vulnerabilities/150947 https://www.ibm.com/support/docview.wss?uid=ibm10743005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •