CVSS: 6.1EPSS: 0%CPEs: 46EXPL: 0CVE-2015-0106
https://notcve.org/view.php?id=CVE-2015-0106
24 Mar 2015 — Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Business Process Manager (BPM) 7.5.x hasta 7.5.1.2, 8.0 hasta 8.0.1.3, 8.5.0 hasta 8.5.0.1, y 8.5.5 hasta 8.5.5.0 y WebSphere Lombardi Edition (WLE) 7.2.x hasta 7.2.0.5 p... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR50795 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2014-8913
https://notcve.org/view.php?id=CVE-2014-8913
21 Jan 2015 — Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914. Vulnerabilidad XSS en the Process Portal en IBM Business Process Manager 8.0 a través 8.0.1.3, 8.5.0 a través de 8.5.0.1, y 8.5.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios ... • http://secunia.com/advisories/62205 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2014-8914
https://notcve.org/view.php?id=CVE-2014-8914
21 Jan 2015 — Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8913. Vulnerabilidad XSS en Process Portal en IBM Business Process Manager 8.0 a través de 8.0.1.3, 8.5.0 a través de 8.5.0.1, y 8.5.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a... • http://secunia.com/advisories/62205 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2014-6173
https://notcve.org/view.php?id=CVE-2014-6173
19 Dec 2014 — Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el Inspector de Procesos en IBM Business Process Manager (BPM) 8.0.x hasta 8.0.1.3 y 8.5.x hasta 8.5.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR50241 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2014-6182
https://notcve.org/view.php?id=CVE-2014-6182
17 Dec 2014 — Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. Vulnerabilidad de salto de directorio en una función de exportación en el centro de procesos en IBM Business Process Manager (BPM) 8.0.x hasta 8.0.1.3 y 8.5.x hasta 8.5.5 permite a usuarios remotos autenticados leer ficheros arbitrarios a través de un .. (punto p... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR51234 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2014-4844
https://notcve.org/view.php?id=CVE-2014-4844
17 Dec 2014 — The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit. La funcionalidad import/export en IBM Business Process Manager (BPM) 7.5.x hasta 7.5.1.2, 8.0.x hasta 8.0.1.3, y 8.5.x hasta 8.5.5 permite a usuarios remotos autenticados evadir las restricciones de acceso a través de una acción de ... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR51286 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.9EPSS: 0%CPEs: 14EXPL: 0CVE-2014-6176
https://notcve.org/view.php?id=CVE-2014-6176
16 Dec 2014 — IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher. IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, y Business Proc... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR51593 • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2014-6101
https://notcve.org/view.php?id=CVE-2014-6101
31 Oct 2014 — Cross-site scripting (XSS) vulnerability in the redirect-login feature in IBM Business Process Manager (BPM) Advanced 7.5 through 8.5.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la caracteristica redirect-login en IBM Business Process Manager (BPM) Advanced 7.5 hasta 8.5.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/61804 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2014-4802
https://notcve.org/view.php?id=CVE-2014-4802
07 Oct 2014 — The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorization checks and obtain sensitive information by executing a saved search. El componente Saved Search Admin en la consola Process Admin en IBM Business Process Manager (BPM) 8.0 hasta 8.5.5 no restringe debidamente los listados de tareas y instancias en las configur... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR50984 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2014-4758
https://notcve.org/view.php?id=CVE-2014-4758
04 Sep 2014 — IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL. IBM Business Process Manager (BPM) 7.5.x hasta 8.5.5 y WebSphere Lombardi Edition 7.2.x permiten a usuarios remotos autenticados evadir las restricciones de acceso y enviar solicitudes a los servicios internos a través de una URL callService. • http://secunia.com/advisories/60851 • CWE-264: Permissions, Privileges, and Access Controls •