CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1769
https://notcve.org/view.php?id=CVE-2017-1769
IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783. IBM Business Process Manager 8.6 es vulnerable a ataques de tipo Cross-Site Request Forgery (CSRF). Esto podría permitir que un atacante ejecute acciones maliciosas y no autorizadas transmitidas desde un usuario en el que la web confía. IBM X-Force ID: 136783. • http://www.ibm.com/support/docview.wss?uid=swg22011579 http://www.securityfocus.com/bid/102777 http://www.securitytracker.com/id/1040298 https://exchange.xforce.ibmcloud.com/vulnerabilities/136783 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1628
https://notcve.org/view.php?id=CVE-2017-1628
IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. IBM Business Process Manager 8.6.0.0 permite que usuarios autenticados detengan y reanuden el gestor de eventos llamando a una API REST con comprobaciones de autorización incorrectas. • http://www.ibm.com/support/docview.wss?uid=swg22009496 http://www.securityfocus.com/bid/101900 http://www.securitytracker.com/id/1039777 https://exchange.xforce.ibmcloud.com/vulnerabilities/133126 • CWE-863: Incorrect Authorization •