Page 9 of 77 results (0.009 seconds)

CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0

IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Business Process Manager versiones 8.0 y 8.5 de IBM, son vulnerables a un problema de tipo cross-site-scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad prevista conllevando potencialmente a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21999133 http://www.securityfocus.com/bid/97322 https://exchange.xforce.ibmcloud.com/vulnerabilities/121905 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 19EXPL: 0

IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122891. Business Process Manager versiones 8.0 y 8.5 de IBM, podría permitir que un atacante remoto condujera ataques de phishing, utilizando un ataque de redireccionamiento abierto. • http://www.ibm.com/support/docview.wss?uid=swg22000253 http://www.securityfocus.com/bid/98561 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.8EPSS: 0%CPEs: 74EXPL: 0

IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655. IBM Business Process Manager 7.5, 8.0 y 8.5 tiene una capacidad de descarga de archivos vulnerable a un conjunto de ataques. • http://www.securityfocus.com/bid/98074 https://www.ibm.com/support/docview.wss?uid=swg21998655 • CWE-20: Improper Input Validation •

CVSS: 5.4EPSS: 0%CPEs: 68EXPL: 0

Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users to inject arbitrary web script or HTML via crafted content. Vulnerabilidad de XSS en Business Space en IBM Business Process Manager 7.5 hasta la versión 7.5.1.2, 8.0 hasta la versión 8.0.1.3 y 8.5 en versiones anteriores a 8.5.7.0 CF2016.09 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de contenido manipulado. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR56300 http://www-01.ibm.com/support/docview.wss?uid=swg21990850 http://www.securityfocus.com/bid/93405 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en una página de prueba en IBM Business Process Manager Advanced 8.5.6.0 hasta la versión 8.5.7.0 anterior al arreglo acumulativo 2016.09 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR56391 http://www-01.ibm.com/support/docview.wss?uid=swg21990852 http://www.securityfocus.com/bid/93353 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •