CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2019-4204
https://notcve.org/view.php?id=CVE-2019-4204
10 May 2019 — IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159125. IBM Business Automation Workflow, versiones 18.0.0.0.0.0, 18.0.0.1, 18.0.0.2 y 19.0.0.1, es vulnerable a los ataques XSS. Esta vulnerabilidad permite a los usuarios incrustar códi... • http://www.securityfocus.com/bid/108328 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2019-4045
https://notcve.org/view.php?id=CVE-2019-4045
08 Apr 2019 — IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IBM X-Force ID: 156241. Business Automation Workflow y Business Process Manager de IBM en las versiones 18.0.0.0, 18.0.0.1 y 18.0.0.2 proporcionan funciones de gestión de documentos integradas. Debido a una falta de restricción en una API, un cliente podría f... • https://exchange.xforce.ibmcloud.com/vulnerabilities/156241 •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-2000
https://notcve.org/view.php?id=CVE-2018-2000
08 Apr 2019 — IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890. IBM Business Automation Workflow 18.0.0.0 y 18.0.0.1 es vulnerable a Cross-Site Request Forgery (CSRF). Esto podría permitir que un atacante ejecute acciones maliciosas y no autorizadas transmitidas transmitidas desde un usuario en el que la web confía. IBM X-Forc... • http://www.securityfocus.com/bid/107851 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1999
https://notcve.org/view.php?id=CVE-2018-1999
08 Apr 2019 — IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889. IBM Business Automation Workflow en las versiones 18.0.0.0, 18.0.0.1 y 18.0.0.2, podría revelar información confidencial de la versión sobre el servidor desde páginas de error que podrían ayudar a un atacante en futuros ataques contra el sistema. ID de IBM X-Force: 154889. • https://exchange.xforce.ibmcloud.com/vulnerabilities/154889 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2018-1997
https://notcve.org/view.php?id=CVE-2018-1997
08 Apr 2019 — IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774. Business Automation Workflow y Business Process Manager de IBM en las versiones 18.0.0.0, 18.0.0.1 y 18.0.0.2 son vulnerables a un ataque de denegación de servicio. Un atacante autenticado puede enviar una petición especialmente creada que agote la... • https://exchange.xforce.ibmcloud.com/vulnerabilities/154774 •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2018-1885
https://notcve.org/view.php?id=CVE-2018-1885
08 Apr 2019 — IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. IBM X-Force ID: 152020. IBM Business Automation Workflow en sus versiones 18.0.0.0.0, 18.0.0.1 y 18.0.0.0.2 podría permitir a un atacante no autenticado obtener información sensible, utilizando una petición HTTP especialmente comprimida. IBM X-Force ID: 152020. • http://www.securityfocus.com/bid/107863 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0CVE-2018-1848
https://notcve.org/view.php?id=CVE-2018-1848
14 Dec 2018 — IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150947. IBM Business Automation Workflow en sus versiones 18.0.0.0 y 18.0.0.1 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en l... • http://www.securityfocus.com/bid/106217 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2018-1674
https://notcve.org/view.php?id=CVE-2018-1674
20 Sep 2018 — IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109. IBM Business Process Manager, de la versión 8.5 a la 8.6 y de la versión 18.0.0.0 a la 18.0.0.1, es vulnerable a una in. Un atacante remoto podría enviar instrucciones SQL especialmente manipuladas que podrían permiti... • http://www.securitytracker.com/id/1041717 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •