Ibm

Business Process Manager

88 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2016-9693

  • EPSS 0.18%
  • Published 07.03.2017 17:59:00
  • Last modified 20.04.2025 01:37:25

IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can b...

5.4

CVE-2016-9731

  • EPSS 0.23%
  • Published 01.02.2017 20:59:03
  • Last modified 20.04.2025 01:37:25

IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

5.4

CVE-2016-3056

  • EPSS 0.24%
  • Published 14.10.2016 02:59:06
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users to inject arbitrary web script or HTML via crafted...

5.4

CVE-2016-5901

  • EPSS 0.17%
  • Published 05.10.2016 10:59:16
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

6.5

CVE-2016-0349

  • EPSS 0.11%
  • Published 30.06.2016 01:59:01
  • Last modified 12.04.2025 10:46:40

IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call.

4.3

CVE-2015-7454

  • EPSS 0.16%
  • Published 21.03.2016 14:59:00
  • Last modified 12.04.2025 10:46:40

Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote aut...

5.4

CVE-2016-0227

  • EPSS 0.24%
  • Published 03.03.2016 22:59:10
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arb...

6.1

CVE-2015-8524

  • EPSS 0.27%
  • Published 29.02.2016 11:59:03
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

6.8

CVE-2015-7441

  • EPSS 0.25%
  • Published 01.01.2016 00:59:00
  • Last modified 12.04.2025 10:46:40

Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its H...

3.5

CVE-2015-4955

  • EPSS 0.23%
  • Published 03.10.2015 22:59:09
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 before 8.5.6.0 CF1 allows remote authenticated users to inject arbitrary web script or HTML ...