Ibm

Business Process Manager

88 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2015-0103

  • EPSS 0.18%
  • Veröffentlicht 24.03.2015 00:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or H...

4

CVE-2014-6139

  • EPSS 0.14%
  • Veröffentlicht 13.02.2015 02:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the fil...

3.5

CVE-2014-8914

  • EPSS 0.3%
  • Veröffentlicht 21.01.2015 15:17:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a differe...

3.5

CVE-2014-8913

  • EPSS 0.23%
  • Veröffentlicht 21.01.2015 15:17:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a differe...

3.5

CVE-2014-6173

  • EPSS 0.23%
  • Veröffentlicht 19.12.2014 02:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

4

CVE-2014-6182

  • EPSS 0.39%
  • Veröffentlicht 17.12.2014 00:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.

6.5

CVE-2014-4844

  • EPSS 0.22%
  • Veröffentlicht 17.12.2014 00:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) proces...

4.3

CVE-2014-6176

  • EPSS 0.36%
  • Veröffentlicht 16.12.2014 23:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and un...

4.3

CVE-2014-6101

  • EPSS 0.32%
  • Veröffentlicht 31.10.2014 10:55:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the redirect-login feature in IBM Business Process Manager (BPM) Advanced 7.5 through 8.5.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4

CVE-2014-4802

  • EPSS 0.16%
  • Veröffentlicht 07.10.2014 10:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorizatio...