908 matches found

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 31 views

Security Bulletin: Vulnerabilities in IBM SDK for Node.js affect IBM Business Process Manager Configuration Editor (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes the "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM SDK for Node.js. IBM SDK for Node.js is used by IBM Business Process Manager...

CVSS 5, AI score 0.7, EPSS 0.91945
Exploits 0, Affected Software 3

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 15 views

Security Bulletin: Cross-site scripting vulnerabilities in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) error handling (CVE-2015-0193)

Summary IBM Business Process Manager is vulnerable to cross-site scripting, caused by improper neutralization of user-supplied input in some error situations. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the...

CVSS 3.5, AI score 0.5, EPSS 0.00201
Exploits 0, Affected Software 4

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 19 views

Security Bulletin: Persistent cross-site scripting vulnerability in Process Admin Console affecting IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) CVE-2015-0156

Summary IBM Business Process Manager is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the...

CVSS 3.5, AI score 5.6, EPSS 0.00227
Exploits 0, Affected Software 4

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 17 views

Security Bulletin: Cross-site scripting vulnerabilities in IBM Business Process Manager (BPM) Coach NG framework (CVE-2015-0158)

Summary IBM Business Process Manager Coach NG framework is vulnerable to cross-site scripting, which is caused by the improper validation of user-supplied input. A remote attacker might exploit this vulnerability using a specially crafted URL to execute a script in a user's web browser within the...

CVSS 4.3, AI score 0.9, EPSS 0.00356
Exploits 0, Affected Software 3

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 20 views

Security Bulletin: Internal service types can be invoked in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) Process Portal (CVE-2015-0110)

Summary When invoking a service using the executeServiceByName URL, there is no access restriction based on the service type and services that were meant for internal use only are available for authenticated users. Vulnerability Details CVEID: CVE-2015-0110 DESCRIPTION: IBM Business Process Manag...

CVSS 6.5, AI score 0.4, EPSS 0.0009
Exploits 0, Affected Software 4

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 22 views

Security Bulletin: Cross-site scripting vulnerabilities in IBM Business Process Manager (BPM) Process Portal (CVE-2015-0105)

Summary IBM Business Process Manager is vulnerable to cross-site scripting, which is caused by the improper validation of user-supplied input. A remote attacker might exploit this vulnerability using a specially crafted URL to execute a script in a user's web browser within the security context o...

CVSS 4.3, AI score 1, EPSS 0.0035
Exploits 0, Affected Software 3

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 23 views

Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) Process Portal (CVE-2015-0106)

Summary IBM Business Process Manager and WebSphere Lombardi Edition are vulnerable to cross-site scripting, which is caused by the improper validation of user-supplied input. A remote attacker might exploit this vulnerability using a specially crafted URL to execute a script in a user's web brows...

CVSS 4.3, AI score 0.7, EPSS 0.0027
Exploits 0, Affected Software 4

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 15 views

Security Bulletin: Security vulnerability in Node.js module affects IBM Business Process Manager (BPM) Configuration Editor (CVE-2015-1164)

Summary A security vulnerability has been reported for a dependent Node.js module "express". CVE-2015-1164 affects IBM Business Process Manager BPM because IBM BPM includes a stand-alone tool for editing configuration properties files that is based on open source Node.js technology. Vulnerability...

CVSS 4.3, AI score 0.4, EPSS 0.003
Exploits 0, Affected Software 3

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 17 views

Security Bulletin: Persistent cross-site scripting vulnerabilities in IBM Business Process Manager (BPM) Process Portal (CVE-2015-0103)

Summary IBM Business Process Manager is vulnerable to persistent cross-site scripting due to insufficient validation of user input retrieved from the database. An authenticated malicious user can inject script in data fields. This script might be executed by other users when displaying this data...

CVSS 3.5, AI score 5.2, EPSS 0.00175
Exploits 0, Affected Software 3

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 20 views

Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (BPM) Process Center (CVE-2015-0101)

Summary Insufficient user input validation in IBM Business Process Manager's Process Center can lead to a cross-site scripting exposure. Vulnerability Details CVEID: CVE-2015-0101 DESCRIPTION: IBM Business Process Manager Process Center is vulnerable to cross-site scripting, caused by improper...

CVSS 6.1, AI score 0.8, EPSS 0.00224
Exploits 0, Affected Software 3

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 22 views

Security Bulletin: Cross-site scripting vulnerabilities in IBM Business Process Manager (BPM) Process Portal (CVE-2014-8913, CVE-2014-8914)

Summary Insufficient user input validation in IBM Business Process Manager's Process Portal can lead to a cross-site scripting exposure. Vulnerability Details CVEID: CVE-2014-8913 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site scripting, which is caused by the improper...

CVSS 3.5, AI score 0.9, EPSS 0.00304
Exploits 0, Affected Software 3

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 40 views

Security Bulletin: Multiple vulnerabilities in IBM SDK for Java Technology Edition affect IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2014-6512, CVE-2014-6457, CVE-2014-6558, CVE-2014-3566)

Summary There are multiple vulnerabilities in IBM SDK for Java Technology Edition that is used by IBM Business Process Manager and WebSphere Lombardi Edition. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These issues wer...

CVSS 4.3, AI score 0.4, EPSS 0.93538
Exploits 5, Affected Software 4

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 15 views

Security Bulletin: File path traversal vulnerability affecting IBM Business Process Manager Process Center (CVE-2014-6182)

Summary An export function in IBM Business Process Manager Process Center is vulnerable to file path traversal. As a result, sensitive files might be downloaded. Vulnerability Details CVE-ID: CVE-2014-6182 Description: IBM Business Process Manager could allow a remote attacker to traverse...

CVSS 4, AI score 0.8, EPSS 0.00389
Exploits 0, Affected Software 3

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 33 views

Security Bulletin: TLS padding vulnerability affects IBM HTTP Server shipped with IBM Business Process Manager family products (CVE-2014-8730)

Summary IBM HTTP Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Please consult the...

CVSS 4.3, AI score 0.6, EPSS 0.03099
Exploits 5, Affected Software 5

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 22 views

Security Bulletin: Incorrect SSL protocol variant in SCA HTTP binding affecting WebSphere Enterprise Service Bus, WebSphere Process Server and IBM Business Process Manager Advanced (CVE-2014-6176)

Summary The HTTP import binding in an SCA module can be configured with a reference to an SSL configuration that exists on the application server. The HTTP binding always uses the SSLv3 protocol variant regardless of the SSL protocol setting in the referenced SSL configuration. Vulnerability Detai...

CVSS 4.3, AI score 5.5, EPSS 0.0036
Exploits 0, Affected Software 3

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 18 views

Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (BPM) Process Inspector (CVE-2014-6173)

Summary Insufficient user input validation in IBM Business Process Manager's Process Inspector can lead to a cross-site scripting exposure. Vulnerability Details CVE ID: CVE-2014-6173 CVSS Base Score: 3.5 CVSS Temporal Score: See for the current score CVSS Environmental Score: Undefined CVSS...

CVSS 3.5, AI score 0.7, EPSS 0.00227
Exploits 0, Affected Software 3

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 16 views

Security Bulletin: Insufficient authorization check for project actions in IBM Business Process Manager (CVE-2014-4844)

Summary By using IBM Business Process Manager BPM you can import and export process applications and toolkits. Although this functionality is available only to authorized users, the actual server side code accepts requests from lower privileged users. Vulnerability Details CVE ID: CVE-2014-4844...

CVSS 6.5, AI score 1.1, EPSS 0.00216
Exploits 0, Affected Software 3

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 18 views

Security Bulletin: Insufficient authorization check in IBM Business Process Manager (BPM) Search REST API (CVE-2014-6139)

Summary Using the Search REST API, non-administrative users can search for task and process instances that they are not allowed to see by specifying a parameter that should be available only to administrative users. Vulnerability Details CVE ID: CVE-2014-6139 CVSS Base Score: 3.5 CVSS Temporal...

CVSS 4, AI score 0.6, EPSS 0.0014
Exploits 0, Affected Software 3

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 12 views

Security Bulletin: XML External Entity Processing in Castor might affect IBM Business Process Manager (CVE-2014-3004)

Summary An XML External Entity Processing vulnerability has been reported for the Castor open source library that is used in IBM Business Process Manager BPM. Vulnerability Details CVE-ID: CVE-2014-3004 Description: Castor Library could allow a remote attacker to obtain sensitive information,...

CVSS 4.3, AI score 0.6, EPSS 0.03627
Exploits 3, Affected Software 3

IBM Security Bulletins
added 2018/06/15 7:2 a.m., 9 views

Security Bulletin: Vulnerability in SSLv3 affects IBM Business Process Manager (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Business Process Manager. Vulnerability Details CVE-ID : CVE-2014-3566 DESCRIPTION : IBM Business Process Manager could allow a remote...

CVSS 4.3, AI score 6.3, EPSS 0.93538
Exploits 5, Affected Software 3