CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-43864 – IBM Business Automation Workflow information disclosure
https://notcve.org/view.php?id=CVE-2022-43864
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427. IBM Business Automation Workflow 22.0.2 podría permitir que un atacante remoto atraviese directorios del sistema. Un atacante podría enviar una solicitud URL especialmente manipulada que contenga secuencias de "puntos" (/../) para ver archivos arbitrarios en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239427 https://www.ibm.com/support/pages/node/6857223 https://www.ibm.com/support/pages/node/6857239 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2013-4804
https://notcve.org/view.php?id=CVE-2013-4804
Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors. Vulnerabilidad sin especificar en HP Business Process Monitor 9.13.1 patch 1 y 9.22 patch 1 permite a atacantes remotos ejecutar código arbitrario y obtener información sensible a través de vectores desconocidos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03844594 •
CVSS: 10.0EPSS: 18%CPEs: 2EXPL: 0CVE-2013-2366 – HP Business Process Monitor tp_bpm_admin.exe Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-2366
Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors, aka ZDI-CAN-1802. Vulnerabilidad no especificada en HP Business Process Monitor 9.13.1 parche 1, y 9.22 parche 1 permite a atacantes remotos ejecutar código de forma arbitraria y obtener información sensible a través de vectores desconocidos, tambien conocido como ZDI-CAN-1802. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Business Process Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the tp_bpm_admin.exe server which listens by default on TCP port 2696. This server exposes file upload functionality that is vulnerable to a directory traversal. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03844594 •