CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2017-1140
https://notcve.org/view.php?id=CVE-2017-1140
IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Business Process Manager versiones 8.0 y 8.5 de IBM, son vulnerables a un problema de tipo cross-site-scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad prevista conllevando potencialmente a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21999133 http://www.securityfocus.com/bid/97322 https://exchange.xforce.ibmcloud.com/vulnerabilities/121905 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 19EXPL: 0CVE-2017-1159
https://notcve.org/view.php?id=CVE-2017-1159
IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122891. Business Process Manager versiones 8.0 y 8.5 de IBM, podría permitir que un atacante remoto condujera ataques de phishing, utilizando un ataque de redireccionamiento abierto. • http://www.ibm.com/support/docview.wss?uid=swg22000253 http://www.securityfocus.com/bid/98561 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.8EPSS: 0%CPEs: 74EXPL: 0CVE-2016-9693
https://notcve.org/view.php?id=CVE-2016-9693
IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655. IBM Business Process Manager 7.5, 8.0 y 8.5 tiene una capacidad de descarga de archivos vulnerable a un conjunto de ataques. • http://www.securityfocus.com/bid/98074 https://www.ibm.com/support/docview.wss?uid=swg21998655 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 68EXPL: 0CVE-2016-3056
https://notcve.org/view.php?id=CVE-2016-3056
Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users to inject arbitrary web script or HTML via crafted content. Vulnerabilidad de XSS en Business Space en IBM Business Process Manager 7.5 hasta la versión 7.5.1.2, 8.0 hasta la versión 8.0.1.3 y 8.5 en versiones anteriores a 8.5.7.0 CF2016.09 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de contenido manipulado. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR56300 http://www-01.ibm.com/support/docview.wss?uid=swg21990850 http://www.securityfocus.com/bid/93405 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 0CVE-2015-7454
https://notcve.org/view.php?id=CVE-2015-7454
Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors. Business Space en IBM WebSphere Process Server 6.1.2.0 hasta la versión 7.0.0.5 y Business Process Manager Advanced 7.5.x hasta la versión 7.5.1.2, 8.0.x hasta la versión 8.0.1.3, 8.5.0.x hasta la versión 8.5.0.2, 8.5.5.x hasta la versión 8.5.5.0 y 8.5.6.x hasta la versión 8.5.6.2 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y crear una página o un espacio arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR54678 http://www-01.ibm.com/support/docview.wss?uid=swg21972005 http://www.securityfocus.com/bid/85089 http://www.securitytracker.com/id/1035319 • CWE-264: Permissions, Privileges, and Access Controls •