CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1424
https://notcve.org/view.php?id=CVE-2017-1424
25 Sep 2017 — IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477. IBM Business Process Manager 8.5.7 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades ... • http://www.ibm.com/support/docview.wss?uid=swg22005112 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.5EPSS: 0%CPEs: 72EXPL: 0CVE-2017-1346
https://notcve.org/view.php?id=CVE-2017-1346
25 Sep 2017 — IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461. IBM Business Process Manager 7.5, 8.0 y 8.5 guarda temporalmente los archivos en una carpeta temporal durante las instalaciones offline, los cuales podrían ser leídos por un usuario local en un corto espacio de tiempo. IBM X-Force ID: 126461. • http://www.ibm.com/support/docview.wss?uid=swg22004654 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2017-1140
https://notcve.org/view.php?id=CVE-2017-1140
08 Jun 2017 — IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Business Process Manager versiones 8.0 y 8.5 de IBM, son vulnerables a un problema de tipo cross-site-scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, lo que alter... • http://www.ibm.com/support/docview.wss?uid=swg21999133 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 19EXPL: 0CVE-2017-1159
https://notcve.org/view.php?id=CVE-2017-1159
22 May 2017 — IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122891. Business Process Manager ... • http://www.ibm.com/support/docview.wss?uid=swg22000253 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.8EPSS: 0%CPEs: 74EXPL: 0CVE-2016-9693
https://notcve.org/view.php?id=CVE-2016-9693
07 Mar 2017 — IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655. IBM Business Process Manager 7.5, 8.0 y 8.5 tiene una capacidad de descarga de archivos vulnerable a un conjunto de ataques. • http://www.securityfocus.com/bid/98074 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9731
https://notcve.org/view.php?id=CVE-2016-9731
01 Feb 2017 — IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Business Process Manager es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a los usuarios integrar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la funcionalidad prevista que po... • http://www.ibm.com/support/docview.wss?uid=swg21996158 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 68EXPL: 0CVE-2016-3056
https://notcve.org/view.php?id=CVE-2016-3056
14 Oct 2016 — Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users to inject arbitrary web script or HTML via crafted content. Vulnerabilidad de XSS en Business Space en IBM Business Process Manager 7.5 hasta la versión 7.5.1.2, 8.0 hasta la versión 8.0.1.3 y 8.5 en versiones anteriores a 8.5.7.0 CF2016.09 permite a usuarios remotos autenticados inyectar secuencias de comandos... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR56300 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2016-5901
https://notcve.org/view.php?id=CVE-2016-5901
05 Oct 2016 — Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en una página de prueba en IBM Business Process Manager Advanced 8.5.6.0 hasta la versión 8.5.7.0 anterior al arreglo acumulativo 2016.09 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través... • http://www-01.ibm.com/support/docview.wss?uid=swg1JR56391 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0349
https://notcve.org/view.php?id=CVE-2016-0349
30 Jun 2016 — IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call. IBM Business Process Manager 8.5.6 hasta la versión 8.5.6.2 y 8.5.7 en versiones anteriores a 8.5.7.CF201606 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y actualizar variables de instancia de proceso a través de una llamada API REST. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR55701 • CWE-284: Improper Access Control •