CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2018-1885
https://notcve.org/view.php?id=CVE-2018-1885
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. IBM X-Force ID: 152020. IBM Business Automation Workflow en sus versiones 18.0.0.0.0, 18.0.0.1 y 18.0.0.0.2 podría permitir a un atacante no autenticado obtener información sensible, utilizando una petición HTTP especialmente comprimida. IBM X-Force ID: 152020. • http://www.securityfocus.com/bid/107863 https://exchange.xforce.ibmcloud.com/vulnerabilities/152020 https://www.ibm.com/support/docview.wss?uid=ibm10878106 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 100EXPL: 0CVE-2018-1384
https://notcve.org/view.php?id=CVE-2018-1384
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135. IBM Business Process Manager 8.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22012604 http://www.securityfocus.com/bid/103681 http://www.securitytracker.com/id/1040624 https://exchange.xforce.ibmcloud.com/vulnerabilities/138135 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2014-6176
https://notcve.org/view.php?id=CVE-2014-6176
IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher. IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, y Business Process Manager Advanced 7.5.x hasta 7.5.1.2, 8.0.x hasta 8.0.1.3, y 8.5.x hasta 8.5.5 desatienden la configuración SSL setting en el enlace de importación de HTTP del módulo SCA y seleccionan incondicionalmente el protocolo SSLv3, lo que facilita a atacantes remotos secuestrar sesiones o obtener información sensible a través del aprovechamiento del uso de un cifrado débil. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR51593 http://www-01.ibm.com/support/docview.wss?uid=swg21690780 http://www.securitytracker.com/id/1031382 http://www.securitytracker.com/id/1031383 https://exchange.xforce.ibmcloud.com/vulnerabilities/98488 • CWE-310: Cryptographic Issues •