CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 0CVE-2017-1766
https://notcve.org/view.php?id=CVE-2017-1766
30 Mar 2018 — Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151. Debido a una autorización incorrecta en la versión 8.6 de IBM Business Process Manager, un atacante puede reclamar y trabajar en tareas ad hoc a las que no está asignado. IBM X-Force ID: 136151. • http://www.ibm.com/support/docview.wss?uid=swg22011866 • CWE-863: Incorrect Authorization •
CVSS: 5.4EPSS: 0%CPEs: 30EXPL: 0CVE-2017-1767
https://notcve.org/view.php?id=CVE-2017-1767
30 Mar 2018 — IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136152. IBM Business Process Manager 8.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades prev... • http://www.ibm.com/support/docview.wss?uid=swg22012396 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 100EXPL: 0CVE-2018-1384
https://notcve.org/view.php?id=CVE-2018-1384
30 Mar 2018 — IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135. IBM Business Process Manager 8.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades prev... • http://www.ibm.com/support/docview.wss?uid=swg22012604 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1769
https://notcve.org/view.php?id=CVE-2017-1769
24 Jan 2018 — IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783. IBM Business Process Manager 8.6 es vulnerable a ataques de tipo Cross-Site Request Forgery (CSRF). Esto podría permitir que un atacante ejecute acciones maliciosas y no autorizadas transmitidas desde un usuario en el que la web confía. IBM X-Force ID: 136783. • http://www.ibm.com/support/docview.wss?uid=swg22011579 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1628
https://notcve.org/view.php?id=CVE-2017-1628
27 Nov 2017 — IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. IBM Business Process Manager 8.6.0.0 permite que usuarios autenticados detengan y reanuden el gestor de eventos llamando a una API REST con comprobaciones de autorización incorrectas. • http://www.ibm.com/support/docview.wss?uid=swg22009496 • CWE-863: Incorrect Authorization •