CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1999
https://notcve.org/view.php?id=CVE-2018-1999
08 Apr 2019 — IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889. IBM Business Automation Workflow en las versiones 18.0.0.0, 18.0.0.1 y 18.0.0.2, podría revelar información confidencial de la versión sobre el servidor desde páginas de error que podrían ayudar a un atacante en futuros ataques contra el sistema. ID de IBM X-Force: 154889. • https://exchange.xforce.ibmcloud.com/vulnerabilities/154889 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2018-1997
https://notcve.org/view.php?id=CVE-2018-1997
08 Apr 2019 — IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774. Business Automation Workflow y Business Process Manager de IBM en las versiones 18.0.0.0, 18.0.0.1 y 18.0.0.2 son vulnerables a un ataque de denegación de servicio. Un atacante autenticado puede enviar una petición especialmente creada que agote la... • https://exchange.xforce.ibmcloud.com/vulnerabilities/154774 •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2018-1885
https://notcve.org/view.php?id=CVE-2018-1885
08 Apr 2019 — IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. IBM X-Force ID: 152020. IBM Business Automation Workflow en sus versiones 18.0.0.0.0, 18.0.0.1 y 18.0.0.0.2 podría permitir a un atacante no autenticado obtener información sensible, utilizando una petición HTTP especialmente comprimida. IBM X-Force ID: 152020. • http://www.securityfocus.com/bid/107863 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0CVE-2018-1848
https://notcve.org/view.php?id=CVE-2018-1848
14 Dec 2018 — IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150947. IBM Business Automation Workflow en sus versiones 18.0.0.0 y 18.0.0.1 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en l... • http://www.securityfocus.com/bid/106217 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2018-1674
https://notcve.org/view.php?id=CVE-2018-1674
20 Sep 2018 — IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109. IBM Business Process Manager, de la versión 8.5 a la 8.6 y de la versión 18.0.0.0 a la 18.0.0.1, es vulnerable a una in. Un atacante remoto podría enviar instrucciones SQL especialmente manipuladas que podrían permiti... • http://www.securitytracker.com/id/1041717 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.0EPSS: 0%CPEs: 80EXPL: 0CVE-2017-1756
https://notcve.org/view.php?id=CVE-2017-1756
30 Mar 2018 — IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856. La versión 8.6 de IBM Business Process Manager permite que las páginas web se almacenen localmente, lo que permite que sean leídas por otro usuario en el sistema. IBM X-Force ID: 135856. • http://www.ibm.com/support/docview.wss?uid=swg22010796 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 59EXPL: 0CVE-2017-1765
https://notcve.org/view.php?id=CVE-2017-1765
30 Mar 2018 — IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150. La versión 8.6 de IBM Business Process Manager podría permitir que un usuario autenticado con privilegios especiales revele información sensible sobre el servidor de la aplicación. IBM X-Force ID: 136150. • http://www.ibm.com/support/docview.wss?uid=swg22011844 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 0CVE-2017-1766
https://notcve.org/view.php?id=CVE-2017-1766
30 Mar 2018 — Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151. Debido a una autorización incorrecta en la versión 8.6 de IBM Business Process Manager, un atacante puede reclamar y trabajar en tareas ad hoc a las que no está asignado. IBM X-Force ID: 136151. • http://www.ibm.com/support/docview.wss?uid=swg22011866 • CWE-863: Incorrect Authorization •
CVSS: 5.4EPSS: 0%CPEs: 30EXPL: 0CVE-2017-1767
https://notcve.org/view.php?id=CVE-2017-1767
30 Mar 2018 — IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136152. IBM Business Process Manager 8.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades prev... • http://www.ibm.com/support/docview.wss?uid=swg22012396 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 100EXPL: 0CVE-2018-1384
https://notcve.org/view.php?id=CVE-2018-1384
30 Mar 2018 — IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135. IBM Business Process Manager 8.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades prev... • http://www.ibm.com/support/docview.wss?uid=swg22012604 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •