CVSS: 5.7EPSS: 0%CPEs: 16EXPL: 0CVE-2019-4425
https://notcve.org/view.php?id=CVE-2019-4425
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771. IBM Business Automation Workflow 18.0.0.0, 18.0.0.1 y 18.0.0.2 podría permitir a un usuario obtener información altamente confidencial de otro usuario insertando enlaces en los que los usuarios desprevenidos harían clic. ID de IBM X-Force: 162771. • https://exchange.xforce.ibmcloud.com/vulnerabilities/162771 https://www.ibm.com/support/docview.wss?uid=ibm10959261 •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2019-4410
https://notcve.org/view.php?id=CVE-2019-4410
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162657. IBM Business Automation Workflow versiones 18.0.0.0, 18.0.0.1, 18.0.0.2, y 19.0.0.1 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad prevista que puede conllevar a la divulgación de credenciales dentro de una sesión de confianza. • http://www.securityfocus.com/bid/108993 https://exchange.xforce.ibmcloud.com/vulnerabilities/162657 https://www.ibm.com/support/docview.wss?uid=ibm10888037 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2019-4204
https://notcve.org/view.php?id=CVE-2019-4204
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159125. IBM Business Automation Workflow, versiones 18.0.0.0.0.0, 18.0.0.1, 18.0.0.2 y 19.0.0.1, es vulnerable a los ataques XSS. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario de la Web, alterando así la funcionalidad prevista que puede conducir a la divulgación de credenciales dentro de una sesión de confianza. • http://www.securityfocus.com/bid/108328 https://exchange.xforce.ibmcloud.com/vulnerabilities/159125 https://www.ibm.com/support/docview.wss?uid=ibm10880499 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2019-4045
https://notcve.org/view.php?id=CVE-2019-4045
IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IBM X-Force ID: 156241. Business Automation Workflow y Business Process Manager de IBM en las versiones 18.0.0.0, 18.0.0.1 y 18.0.0.2 proporcionan funciones de gestión de documentos integradas. Debido a una falta de restricción en una API, un cliente podría falsificar la última modificación mediante el valor de un documento. • https://exchange.xforce.ibmcloud.com/vulnerabilities/156241 https://www.ibm.com/support/docview.wss?uid=ibm10870494 •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-2000
https://notcve.org/view.php?id=CVE-2018-2000
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890. IBM Business Automation Workflow 18.0.0.0 y 18.0.0.1 es vulnerable a Cross-Site Request Forgery (CSRF). Esto podría permitir que un atacante ejecute acciones maliciosas y no autorizadas transmitidas transmitidas desde un usuario en el que la web confía. IBM X-Force ID: 154890. • http://www.securityfocus.com/bid/107851 https://exchange.xforce.ibmcloud.com/vulnerabilities/154890 https://www.ibm.com/support/docview.wss?uid=ibm10870496 • CWE-352: Cross-Site Request Forgery (CSRF) •