CVE-2017-1531
https://notcve.org/view.php?id=CVE-2017-1531
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410.
• http://www.ibm.com/support/docview.wss?uid=swg22007354
• http://www.securityfocus.com/bid/100963
• https://exchange.xforce.ibmcloud.com/vulnerabilities/130410
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-1425
https://notcve.org/view.php?id=CVE-2017-1425
IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127478.
• http://www.ibm.com/support/docview.wss?uid=swg22006265
• http://www.securityfocus.com/bid/100961
• https://exchange.xforce.ibmcloud.com/vulnerabilities/127478
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-1346
https://notcve.org/view.php?id=CVE-2017-1346
IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs, which could be read by a local user within a short timespan. IBM X-Force ID: 126461.
• http://www.ibm.com/support/docview.wss?uid=swg22004654
• http://www.securityfocus.com/bid/100964
• https://exchange.xforce.ibmcloud.com/vulnerabilities/126461
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2015-0110
https://notcve.org/view.php?id=CVE-2015-0110
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.
• http://www.securityfocus.com/bid/73274
• https://www-304.ibm.com/support/docview.wss?uid=swg21694940
• CWE-284: Improper Access Control
CVE-2017-1140
https://notcve.org/view.php?id=CVE-2017-1140
IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
• http://www.ibm.com/support/docview.wss?uid=swg21999133
• http://www.securityfocus.com/bid/97322
• https://exchange.xforce.ibmcloud.com/vulnerabilities/121905
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')