Page 6 of 36 results (0.009 seconds)

CVSS: 8.2EPSS: 0%CPEs: 17EXPL: 0

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770. IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1 y 19.0.0.2 es vulnerable a un ataque de inyección de entidadexterna XML (XXE) al procesar datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/162770 https://www.ibm.com/support/docview.wss?uid=ibm10959537 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 5.7EPSS: 0%CPEs: 16EXPL: 0

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771. IBM Business Automation Workflow 18.0.0.0, 18.0.0.1 y 18.0.0.2 podría permitir a un usuario obtener información altamente confidencial de otro usuario insertando enlaces en los que los usuarios desprevenidos harían clic. ID de IBM X-Force: 162771. • https://exchange.xforce.ibmcloud.com/vulnerabilities/162771 https://www.ibm.com/support/docview.wss?uid=ibm10959261 •

CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162657. IBM Business Automation Workflow versiones 18.0.0.0, 18.0.0.1, 18.0.0.2, y 19.0.0.1 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad prevista que puede conllevar a la divulgación de credenciales dentro de una sesión de confianza. • http://www.securityfocus.com/bid/108993 https://exchange.xforce.ibmcloud.com/vulnerabilities/162657 https://www.ibm.com/support/docview.wss?uid=ibm10888037 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159125. IBM Business Automation Workflow, versiones 18.0.0.0.0.0, 18.0.0.1, 18.0.0.2 y 19.0.0.1, es vulnerable a los ataques XSS. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario de la Web, alterando así la funcionalidad prevista que puede conducir a la divulgación de credenciales dentro de una sesión de confianza. • http://www.securityfocus.com/bid/108328 https://exchange.xforce.ibmcloud.com/vulnerabilities/159125 https://www.ibm.com/support/docview.wss?uid=ibm10880499 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IBM X-Force ID: 156241. Business Automation Workflow y Business Process Manager de IBM en las versiones 18.0.0.0, 18.0.0.1 y 18.0.0.2 proporcionan funciones de gestión de documentos integradas. Debido a una falta de restricción en una API, un cliente podría falsificar la última modificación mediante el valor de un documento. • https://exchange.xforce.ibmcloud.com/vulnerabilities/156241 https://www.ibm.com/support/docview.wss?uid=ibm10870494 •