CVSS: 5.4EPSS: 0%CPEs: 33EXPL: 0CVE-2016-0227
https://notcve.org/view.php?id=CVE-2016-0227
03 Mar 2016 — Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la implementación de control del documento-listado en IBM Business Process Manager (BPM) 8.0 hasta la versión 8.0.1.3, 8.5.0 hasta la versión 8.5.0.2 y 8.5.5 y 8.5.6 hasta la versión 8.5.6.2 p... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR55152 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2015-8524
https://notcve.org/view.php?id=CVE-2015-8524
29 Feb 2016 — Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Process Portal en IBM Business Process Manager 8.5.0.x hasta la versión 8.5.0.2, 8.5.5.x hasta la versión 8.5.5.0 y 8.5.6.x hasta la versión 8.5.6.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a tr... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR54981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 54EXPL: 0CVE-2015-7441
https://notcve.org/view.php?id=CVE-2015-7441
01 Jan 2016 — Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. Remote Artifact Loader (RAL) en IBM WebSphere Process Server 7 y Business Process Manager Advanced 7.5 hasta la versión 7.5.1.2, 8.0 ... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR54760 • CWE-17: DEPRECATED: Code •
CVSS: 5.4EPSS: 0%CPEs: 35EXPL: 0CVE-2015-4955
https://notcve.org/view.php?id=CVE-2015-4955
03 Oct 2015 — Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 before 8.5.6.0 CF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Business Process Manager (BPM) 8.0.x hasta la versión 8.0.1.3, 8.5.0 hasta la versión 8.5.0.1, 8.5.5 hasta la versión 8.5.5.0 y 8.5.6 en versiones anteriores a 8.5.6.0 CF1 permite a usuarios remotos autenticados in... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR52696 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 27EXPL: 0CVE-2015-1904
https://notcve.org/view.php?id=CVE-2015-1904
01 Aug 2015 — IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action. Vulnerabilidad en IBM Business Process Manager (BPM) 8.0.x hasta la versión 8.0.1.3, 8.5.0 hasta la versión 8.5.0.1, 8.5.5 hasta l... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR53209 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 51EXPL: 0CVE-2015-1905
https://notcve.org/view.php?id=CVE-2015-1905
21 Jul 2015 — The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors. Vulnerabilidad en la REST API en IBM Business Process Manager (BPM) en sus versiones 7.5.x hasta la 7.5.1.2, 8.0.x hasta la 8.0.1.3, 8.5.0 hasta la 8.5.0.1, 8.5.5 hasta la 8.5.5.0 y 8.5.6 hasta la 8.5.6.0 permite a... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR52772 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 55EXPL: 0CVE-2015-1906
https://notcve.org/view.php?id=CVE-2015-1906
21 Jul 2015 — Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la REST API en IBM Business Process Manager (BPM) en sus versiones 7.5.x hasta la 7.5.1.2, 8.0.x hasta la 8.0.1.3, 8.5.0 hasta la 8.5.0.1, 8.5.5 hasta la 8.5.5.0 y 8.5.6 hasta la 8.5... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR52772 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 39EXPL: 0CVE-2015-1961
https://notcve.org/view.php?id=CVE-2015-1961
13 Jul 2015 — The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call. La REST API en IBM Business Process Manager (BPM) 7.5.x hasta 7.5.1.2, 8.0.x hasta 8.0.1.3, 8.5.0 hasta 8.5.0.1, 8.5.5 hasta 8.5.5.0 y 8.5.6 hasta 8.5.6.0, permite a usuarios remotos autent... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR53356 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 57EXPL: 0CVE-2015-1884
https://notcve.org/view.php?id=CVE-2015-1884
28 Jun 2015 — Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL. Vulnerabilidad de salto de directorio en IBM Business Process Manager (BPM) 7.5.x hasta 7.5.1.2, 8.0.x hasta 8.0.1.3, 8.5.0 hasta 8.5.0.1, y 8.5.5 hasta 8.5.5.0 y WebSphere Lombardi Edi... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR52957 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 57EXPL: 0CVE-2015-0193
https://notcve.org/view.php?id=CVE-2015-0193
30 May 2015 — Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL that triggers an error condition. Vulnerabilidad de XSS en IBM Business Process Manager (BPM) 7.5.x hasta 7.5.1.2, 8.0.x hasta 8.0.1.3, y 8.5.x hasta 8.5.5.0 y WebSphere Lombardi Edition (WLE) 7.2.x hasta 7.2.0.... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR52626 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •