CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29751
https://notcve.org/view.php?id=CVE-2021-29751
28 Jun 2021 — IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779. IBM Business Automation Workflow versiones 18.0, 19.0 y 20.0 e IBM Business Process Manager versiones 8.5 y 8.6, podrían permitir a un usuario autenticado obtener información confidencial sobre otro usuario bajo configuraciones no predeterminadas. IBM X-Force ID: 201779 • https://exchange.xforce.ibmcloud.com/vulnerabilities/201779 •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-4768
https://notcve.org/view.php?id=CVE-2020-4768
11 Feb 2021 — IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188907. IBM Case Manager versiones 5.2 y 5.3 e IBM Business Automation Workflow versiones 18.0, 19.0 y 20.0, son vulnerables a ataques de tipo cross-site scripting. Esta ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/188907 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 51EXPL: 0CVE-2020-4794
https://notcve.org/view.php?id=CVE-2020-4794
21 Dec 2020 — IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445. IBM Automation Workstream Services versiones 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow versiones 18.0, 19.0 y 20.0 e IBM Business Process Manager versión 8.6, podrían permitir a un usuari... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189445 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4900
https://notcve.org/view.php?id=CVE-2020-4900
30 Nov 2020 — IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991. IBM Business Automation Workflow versión 19.0.0.3, almacena información potencialmente confidencial en archivos de registro que un usuario local podría leer. IBM X-Force ID: 190991 • https://exchange.xforce.ibmcloud.com/vulnerabilities/190991 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-4672
https://notcve.org/view.php?id=CVE-2020-4672
16 Nov 2020 — IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285. IBM Business Automation Workflow versión 20.0.0.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la interfaz de usuari... • https://exchange.xforce.ibmcloud.com/vulnerabilities/186285 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4531
https://notcve.org/view.php?id=CVE-2020-4531
25 Sep 2020 — IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715. IBM Business Automation Workflow versiones 18.0, 19.0 y 20.0 e IBM Business Process Manager versiones 8.0, 8.5 y 8.6, podrían permitir a un atacante remoto obtener información confide... • https://exchange.xforce.ibmcloud.com/vulnerabilities/182715 • CWE-252: Unchecked Return Value •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4530
https://notcve.org/view.php?id=CVE-2020-4530
15 Sep 2020 — IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 182714. IBM Business Automation Workflow CD0 e IBM Business Process Manager versiones 8.0, 8.5 y 8.6, son vulnerables a ataques de tipo cross-site scripting. Esta vulne... • https://exchange.xforce.ibmcloud.com/vulnerabilities/182714 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0CVE-2020-4698
https://notcve.org/view.php?id=CVE-2020-4698
08 Sep 2020 — IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186841. IBM Business Process Manager versiones 8.5, 8.6 e IBM Business Automation Workflow versiones 18.0, 19.0 y 20.0, son vulnerables a ataques de tipo cross... • https://exchange.xforce.ibmcloud.com/vulnerabilities/186841 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 36EXPL: 0CVE-2020-4516
https://notcve.org/view.php?id=CVE-2020-4516
08 Sep 2020 — IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182371. IBM Business Process Manager versiones 8.5, 8.6 e IBM Business Automation Workflow versiones 18.0, 19.0 y 20.0, son vulnerables a ataques de tipo cross-site s... • https://exchange.xforce.ibmcloud.com/vulnerabilities/182371 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2020-4557
https://notcve.org/view.php?id=CVE-2020-4557
29 Jun 2020 — IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183611. IBM Business Automation Workflow versiones 18.0, 19.0 y 20.0 e IBM Business Process Manager versiones 8.5 y 8.6, son vulnerables a un ataque de tipo cross-... • https://exchange.xforce.ibmcloud.com/vulnerabilities/183611 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •