CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0CVE-2014-8914
https://notcve.org/view.php?id=CVE-2014-8914
Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8913. Vulnerabilidad XSS en Process Portal en IBM Business Process Manager 8.0 a través de 8.0.1.3, 8.5.0 a través de 8.5.0.1, y 8.5.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL modificada, una vulnerabilidad diferente a CVE-2014-8913. • http://secunia.com/advisories/62205 http://www-01.ibm.com/support/docview.wss?uid=swg1JR51836 http://www-01.ibm.com/support/docview.wss?uid=swg1JR52103 http://www-01.ibm.com/support/docview.wss?uid=swg21693239 http://www.securitytracker.com/id/1031614 https://exchange.xforce.ibmcloud.com/vulnerabilities/99285 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0CVE-2014-8913
https://notcve.org/view.php?id=CVE-2014-8913
Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914. Vulnerabilidad XSS en the Process Portal en IBM Business Process Manager 8.0 a través 8.0.1.3, 8.5.0 a través de 8.5.0.1, y 8.5.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL modificada, una vulnerabilidad diferente a CVE-2014-8914. • http://secunia.com/advisories/62205 http://www-01.ibm.com/support/docview.wss?uid=swg1JR51742 http://www-01.ibm.com/support/docview.wss?uid=swg21693239 http://www.securitytracker.com/id/1031614 https://exchange.xforce.ibmcloud.com/vulnerabilities/99284 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0CVE-2014-6173
https://notcve.org/view.php?id=CVE-2014-6173
Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el Inspector de Procesos en IBM Business Process Manager (BPM) 8.0.x hasta 8.0.1.3 y 8.5.x hasta 8.5.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR50241 http://www-01.ibm.com/support/docview.wss?uid=swg21690553 https://exchange.xforce.ibmcloud.com/vulnerabilities/98418 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2014-4844
https://notcve.org/view.php?id=CVE-2014-4844
The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit. La funcionalidad import/export en IBM Business Process Manager (BPM) 7.5.x hasta 7.5.1.2, 8.0.x hasta 8.0.1.3, y 8.5.x hasta 8.5.5 permite a usuarios remotos autenticados evadir las restricciones de acceso a través de una acción de proyecto para (1) una aplicación de proyecto o (2) una caja de herramientas. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR51286 http://www.ibm.com/support/docview.wss?uid=swg21690554 https://exchange.xforce.ibmcloud.com/vulnerabilities/95724 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 8EXPL: 0CVE-2014-6182
https://notcve.org/view.php?id=CVE-2014-6182
Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL. Vulnerabilidad de salto de directorio en una función de exportación en el centro de procesos en IBM Business Process Manager (BPM) 8.0.x hasta 8.0.1.3 y 8.5.x hasta 8.5.5 permite a usuarios remotos autenticados leer ficheros arbitrarios a través de un .. (punto punto) en una URL. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR51234 http://www.ibm.com/support/docview.wss?uid=swg21692540 http://www.securitytracker.com/id/1031379 https://exchange.xforce.ibmcloud.com/vulnerabilities/98518 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •