15 matches found
CVE-2023-2257
Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented "Force Login" securi...
Security Bulletin: External Service invocation in IBM Business Space affects IBM Business Automation Workflow and IBM Business Process Manager family products (CVE-2018-1885)
Summary A vulnerability in IBM Business Space can allow an attacker to cause an external service invocation. Vulnerability Details CVEID: CVE-2018-1885 DESCRIPTION: IBM Business Space could allow an unauthenticated attacker to obtain sensitive information using a specially crafted HTTP request. CV...
Security Bulletin: External Service invocation in IBM Business Space affects IBM Business Monitor (CVE-2018-1885)
Summary A vulnerability in IBM Business Space can allow an attacker to cause an external service invocation. Vulnerability Details CVEID: CVE-2018-1885 DESCRIPTION: IBM Business Space could allow an unauthenticated attacker to obtain sensitive information using a specially crafted HTTP request. CV...
Security Bulletin: Multiple vulnerabilities in IBM Business Process Manager shipped with IBM Cloud Orchestrator and IBM SmartCloud Orchestrator
Summary IBM Business Process Manager is shipped as a component of IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, IBM SmartCloud Orchestrator, and IBM SmartCloud Orchestrator Enterprise. Vulnerability Details Review the following security bulletins for IBM Business Process Manager for...
Security Bulletin: Cross-Site Scripting vulnerability in Business Space Help affects IBM Business Process Manager (BPM) and WebSphere Process Server (WPS) - CVE-2013-0464
Summary IBM Eclipse Help System bundled with Business Space Help is vulnerable to Cross-Site Scripting. Vulnerability Details CVEID: CVE-2013-0464 DESCRIPTION: IBM Eclipse Help System, as used in multiple IBM products, is vulnerable to cross-site scripting. A remote attacker could exploit this...
Security Bulletin: Security vulnerability in Business Space affects IBM Business Process Manager and WebSphere Process Server (CVE-2014-8912)
Summary Business Space is a user interface framework that is available in WebSphere Process Server and IBM Business Process Manager (BPM). In IBM BPM Express Edition and Standard Edition the framework is not used directly by end users; however, it is still available and contributes parts of the...
Security Bulletin: Multiple security vulnerabilities in Business Space affect IBM Business Process Manager and WebSphere Process Server (CVE-2015-7407, CVE-2015-7400, CVE-2015-7454)
Summary Business Space is a user interface framework that is available in WebSphere Process Server and IBM Business Process Manager (BPM). In IBM BPM Express Edition and Standard Edition the framework is not used directly by end users; however, it is still available and contributes parts of the...
Security Bulletin: Vulnerability in SSLv3 affects IBM Business Monitor (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM Business Monitor. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: IBM Business Monitor could allow a remote attacker to obtain...
Security Bulletin: A security vulnerability has been identified in Business Space shipped with IBM Business Monitor and WebSphere Business Monitor (CVE-2014-0050)
Summary There is a vulnerability in Apache Commons FileUpload used by Business Space in IBM Business Monitor and WebSphere Business Monitor. Vulnerability Details CVEID: CVE-2014-0050 Description: MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web,...
IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2016-10042)
IBM Business Process Manager (BPM) is a comprehensive business process management platform from IBM in the United States. A cross-site scripting vulnerability in Business Space in IBM Business Process Manager can be exploited by remote authenticated users to inject arbitrary web script or HTML...
CVE-2016-3056
Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users to inject arbitrary web script or HTML via crafted content...
CVE-2016-3056
CVE-2016-3056: IBM BPM/Business Space HTML injection vulnerability affecting BPM Advanced 7.5.x up to 7.5.1.2, 8.0.x up to 8.0.1.3, and 8.5 up to 8.5.7.0 before 2016.09. A remote authenticated attacker could inject arbitrary HTML via crafted content in Business Space. IBM remediation requires int...
Vulnerability in the Business Process Manager system and the WebSphere Process Server that allows attackers to bypass existing access restrictions and create arbitrary pages
A vulnerability in the Business Space component of the WebSphere Process Server business process server and the Business Process Manager automation system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions...
IBM WebSphere Process Server Access Restriction Bypass Vulnerability
IBM WebSphere Process Server is a business process automation engine. A security vulnerability exists in Business Space in some versions of IBM WebSphere Process Server, which can be exploited by remote attackers to bypass access restrictions and create arbitrary pages or spaces...
CVE-2015-7454
Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access...