
CVE-2015-1904
https://notcve.org/view.php?id=CVE-2015-1904
01 Aug 2015 — IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR53209 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2015-1905
https://notcve.org/view.php?id=CVE-2015-1905
21 Jul 2015 — The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR52772 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2015-1906
https://notcve.org/view.php?id=CVE-2015-1906
21 Jul 2015 — Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR52772 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-1961
https://notcve.org/view.php?id=CVE-2015-1961
13 Jul 2015 — The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR53356 • CWE-284: Improper Access Control

CVE-2015-1884
https://notcve.org/view.php?id=CVE-2015-1884
28 Jun 2015 — Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR52957 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2015-0193
https://notcve.org/view.php?id=CVE-2015-0193
30 May 2015 — Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL that triggers an error condition. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR52626 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0156
https://notcve.org/view.php?id=CVE-2015-0156
25 May 2015 — Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT06812 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0158
https://notcve.org/view.php?id=CVE-2015-0158
24 Mar 2015 — Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR52137 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0103
https://notcve.org/view.php?id=CVE-2015-0103
24 Mar 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR50457 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0105
https://notcve.org/view.php?id=CVE-2015-0105
24 Mar 2015 — Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR50162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')