Ibm

Business Process Manager

88 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2017-1766

  • EPSS 0.1%
  • Published 30.03.2018 16:29:00
  • Last modified 21.11.2024 03:22:20

Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151.

3.3

CVE-2017-1756

  • EPSS 0.05%
  • Published 30.03.2018 16:29:00
  • Last modified 21.11.2024 03:22:19

IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.

4.3

CVE-2017-1765

  • EPSS 0.32%
  • Published 30.03.2018 16:29:00
  • Last modified 21.11.2024 03:22:20

IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150.

5.4

CVE-2017-1767

  • EPSS 0.39%
  • Published 30.03.2018 16:29:00
  • Last modified 21.11.2024 03:22:20

IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...

5.4

CVE-2018-1384

  • EPSS 0.39%
  • Published 30.03.2018 16:29:00
  • Last modified 21.11.2024 03:59:43

IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...

5.5

CVE-2015-7463

  • EPSS 0.09%
  • Published 15.03.2018 22:29:00
  • Last modified 21.11.2024 02:36:50

IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. IBM X-Force ID: 108393.

8.8

CVE-2017-1769

  • EPSS 0.2%
  • Published 24.01.2018 14:29:00
  • Last modified 21.11.2024 03:22:20

IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783.

5.4

CVE-2017-1494

  • EPSS 0.29%
  • Published 20.12.2017 18:29:00
  • Last modified 20.04.2025 01:37:25

IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...

6.5

CVE-2017-1628

  • EPSS 0.56%
  • Published 27.11.2017 21:29:00
  • Last modified 20.04.2025 01:37:25

IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks.

5.4

CVE-2017-1425

  • EPSS 0.27%
  • Published 26.09.2017 17:29:00
  • Last modified 20.04.2025 01:37:25

IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos...