CVSS: 5.4EPSS: 0%CPEs: 100EXPL: 0CVE-2018-1384
https://notcve.org/view.php?id=CVE-2018-1384
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135. IBM Business Process Manager 8.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22012604 http://www.securityfocus.com/bid/103681 http://www.securitytracker.com/id/1040624 https://exchange.xforce.ibmcloud.com/vulnerabilities/138135 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2015-0110
https://notcve.org/view.php?id=CVE-2015-0110
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL. IBM Business Process Manager (BPM) 7.5.x, 8.0.x y 8.5.x y WebSphere Lombardi Edition (WLE) 7.2.x permiten que usuarios autenticados remotos omitan las restricciones de acceso establecidas en tipos de servicios internos mediante vectores relacionados con la URL executeServiceByName. • http://www.securityfocus.com/bid/73274 https://www-304.ibm.com/support/docview.wss?uid=swg21694940 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 0CVE-2015-7454
https://notcve.org/view.php?id=CVE-2015-7454
Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors. Business Space en IBM WebSphere Process Server 6.1.2.0 hasta la versión 7.0.0.5 y Business Process Manager Advanced 7.5.x hasta la versión 7.5.1.2, 8.0.x hasta la versión 8.0.1.3, 8.5.0.x hasta la versión 8.5.0.2, 8.5.5.x hasta la versión 8.5.5.0 y 8.5.6.x hasta la versión 8.5.6.2 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y crear una página o un espacio arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR54678 http://www-01.ibm.com/support/docview.wss?uid=swg21972005 http://www.securityfocus.com/bid/85089 http://www.securitytracker.com/id/1035319 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 54EXPL: 0CVE-2015-7441
https://notcve.org/view.php?id=CVE-2015-7441
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. Remote Artifact Loader (RAL) en IBM WebSphere Process Server 7 y Business Process Manager Advanced 7.5 hasta la versión 7.5.1.2, 8.0 hasta la versión 8.0.1.3, 8.5.0 hasta la versión 8.5.0.2, 8.5.5 hasta la versión 8.5.5.0 y 8.5.6 hasta la versión 8.5.6.2 no utiliza adecuadamente el SSL para su conexión HTTPS, lo que permite a usuarios remotos autenticados obtener información sensible o modificar datos a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR54760 http://www.securitytracker.com/id/1034531 http://www.securitytracker.com/id/1034532 https://www-01.ibm.com/support/docview.wss?uid=swg21971968 • CWE-17: DEPRECATED: Code •
CVSS: 4.3EPSS: 0%CPEs: 46EXPL: 0CVE-2015-0106
https://notcve.org/view.php?id=CVE-2015-0106
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Business Process Manager (BPM) 7.5.x hasta 7.5.1.2, 8.0 hasta 8.0.1.3, 8.5.0 hasta 8.5.0.1, y 8.5.5 hasta 8.5.5.0 y WebSphere Lombardi Edition (WLE) 7.2.x hasta 7.2.0.5 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR50795 http://www-01.ibm.com/support/docview.wss?uid=swg21694935 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •