CVE-2018-2000
https://notcve.org/view.php?id=CVE-2018-2000
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890.
• http://www.securityfocus.com/bid/107851
• https://exchange.xforce.ibmcloud.com/vulnerabilities/154890
• https://www.ibm.com/support/docview.wss?uid=ibm10870496
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-1999
https://notcve.org/view.php?id=CVE-2018-1999
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/154889
• https://www.ibm.com/support/docview.wss?uid=ibm10870502
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1997
https://notcve.org/view.php?id=CVE-2018-1997
IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/154774
• https://www.ibm.com/support/docview.wss?uid=ibm10794831
CVE-2018-1885
https://notcve.org/view.php?id=CVE-2018-1885
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 152020.
• http://www.securityfocus.com/bid/107863
• https://exchange.xforce.ibmcloud.com/vulnerabilities/152020
• https://www.ibm.com/support/docview.wss?uid=ibm10878106
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1848
https://notcve.org/view.php?id=CVE-2018-1848
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150947.
• http://www.securityfocus.com/bid/106217
• https://exchange.xforce.ibmcloud.com/vulnerabilities/150947
• https://www.ibm.com/support/docview.wss?uid=ibm10743005
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')