CVSS: 5.5EPSS: 0%CPEs: 51EXPL: 0CVE-2020-4794
https://notcve.org/view.php?id=CVE-2020-4794
21 Dec 2020 — IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445. IBM Automation Workstream Services versiones 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow versiones 18.0, 19.0 y 20.0 e IBM Business Process Manager versión 8.6, podrían permitir a un usuari... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189445 • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4531
https://notcve.org/view.php?id=CVE-2020-4531
25 Sep 2020 — IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715. IBM Business Automation Workflow versiones 18.0, 19.0 y 20.0 e IBM Business Process Manager versiones 8.0, 8.5 y 8.6, podrían permitir a un atacante remoto obtener información confide... • https://exchange.xforce.ibmcloud.com/vulnerabilities/182715 • CWE-252: Unchecked Return Value •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4530
https://notcve.org/view.php?id=CVE-2020-4530
15 Sep 2020 — IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 182714. IBM Business Automation Workflow CD0 e IBM Business Process Manager versiones 8.0, 8.5 y 8.6, son vulnerables a ataques de tipo cross-site scripting. Esta vulne... • https://exchange.xforce.ibmcloud.com/vulnerabilities/182714 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2020-4490
https://notcve.org/view.php?id=CVE-2020-4490
29 May 2020 — IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 181989 IBM Business Automation Workflow versiones 18 y 19, e IBM Business Process Manager versiones 8.0, 8.5 y 8.6, podrían permitir a un atacante remoto omitir restricciones de seguridad, causadas por un fallo de ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/181989 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-4446
https://notcve.org/view.php?id=CVE-2020-4446
06 May 2020 — IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks. IBM X-Force ID: 181126. IBM Business Process Manager versiones 8.0, 8.5 y 8.6 e IBM Business Automation Workflow versiones 18.0 y 19.0, podrían permitir a un atacante remoto omitir las restricciones de seguridad, causadas mediante el fallo al realizar comprobaciones de autorización ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/181126 • CWE-863: Incorrect Authorization •
CVSS: 8.2EPSS: 0%CPEs: 17EXPL: 0CVE-2019-4424
https://notcve.org/view.php?id=CVE-2019-4424
20 Aug 2019 — IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770. IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1 y 19.0.0.2 es vulnerable a un ataque de inyección de entidadexterna XML (XXE) al procesar datos XML. Un atacante remoto podría ap... • https://exchange.xforce.ibmcloud.com/vulnerabilities/162770 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.7EPSS: 0%CPEs: 16EXPL: 0CVE-2019-4425
https://notcve.org/view.php?id=CVE-2019-4425
20 Aug 2019 — IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771. IBM Business Automation Workflow 18.0.0.0, 18.0.0.1 y 18.0.0.2 podría permitir a un usuario obtener información altamente confidencial de otro usuario insertando enlaces en los que los usuarios desprevenidos harían clic. ID de IBM X-Force: 162771. • https://exchange.xforce.ibmcloud.com/vulnerabilities/162771 •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1999
https://notcve.org/view.php?id=CVE-2018-1999
08 Apr 2019 — IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889. IBM Business Automation Workflow en las versiones 18.0.0.0, 18.0.0.1 y 18.0.0.2, podría revelar información confidencial de la versión sobre el servidor desde páginas de error que podrían ayudar a un atacante en futuros ataques contra el sistema. ID de IBM X-Force: 154889. • https://exchange.xforce.ibmcloud.com/vulnerabilities/154889 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2018-1885
https://notcve.org/view.php?id=CVE-2018-1885
08 Apr 2019 — IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. IBM X-Force ID: 152020. IBM Business Automation Workflow en sus versiones 18.0.0.0.0, 18.0.0.1 y 18.0.0.0.2 podría permitir a un atacante no autenticado obtener información sensible, utilizando una petición HTTP especialmente comprimida. IBM X-Force ID: 152020. • http://www.securityfocus.com/bid/107863 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0CVE-2018-1848
https://notcve.org/view.php?id=CVE-2018-1848
14 Dec 2018 — IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150947. IBM Business Automation Workflow en sus versiones 18.0.0.0 y 18.0.0.1 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en l... • http://www.securityfocus.com/bid/106217 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •