908 matches found
CVE-2016-5901
Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-5901
CVE-2016-5901 is an XSS vulnerability in IBM Business Process Manager Advanced 8.5.6.0–8.5.7.0 prior to cumulative fix 2016.09. The issue allows remote authenticated users to inject arbitrary web script/HTML via unspecified vectors in a test page. IBM’s bulletin identifies the affected product/ve...
USN-3045-1 PHP vulnerabilities | Cloud Foundry
USN-3045-1 PHP vulnerabilities. Medium. Vendor: PHP. Versions Affected: Cloud Foundry PHP buildpack versions prior to 4.3.18. Note: The PHP buildpack is patched from upstream PHP source. Description: It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker...
A vulnerability in the Business Process Manager system allows an attacker to circumvent existing access restrictions and update dynamic processes.
The vulnerability in the Business Process Manager system is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to bypass existing access restrictions and update process variables through calls to the REST API...
A vulnerability in the Business Process Manager system allows an attacker to read arbitrary files.
The vulnerability in the Business Process Manager system exists due to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a remote attacker to read arbitrary files using a specially crafted URL...
Design/Logic Flaw
IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call...
IBM Business Process Manager Design Vulnerabilities
IBM Business Process Manager (BPM) is a comprehensive business process management platform from IBM in the United States. A design vulnerability exists in IBM BPM versions 8.5.6 through 8.5.6.0 cumulative fix version 2 and 8.5.7, which can be exploited by an attacker to update process instan...
Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
Description: Apache Struts is prone to a remote code-execution vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition. Apache Struts 1.0 through...
A vulnerability in the Business Process Manager system and WebSphere Process Server allows attackers to bypass existing access restrictions and create arbitrary pages.
The vulnerability in the Business Space component of the WebSphere Process Server business process server and the Business Process Manager automation system is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to bypass existing access restrictions...
Design/Logic Flaw
Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access...
CVE-2015-7454
Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access...
CVE-2015-7454
IBM’s CVE-2015-7454 affects Business Space in IBM WebSphere Process Server and IBM BPM (various BPM Advanced/Standard editions). The issue allows an authenticated remote attacker to bypass access restrictions and create arbitrary pages/spaces via unspecified vectors. Affected versions span WebSph...
A vulnerability in the Business Process Manager system allows an attacker to inject arbitrary web script or HTML code.
The vulnerability in the Process Portal component of the Business Process Manager system exists due to a failure to preserve web page structure. Exploiting this vulnerability allows an attacker to inject arbitrary web script or HTML code using a specially crafted URL...
A vulnerability in the Business Process Manager system allows an attacker to inject arbitrary web script or HTML code.
The vulnerability in the Document List control implementation in the Business Process Manager system exists due to a failure to preserve web page structure. Exploiting this vulnerability allows an attacker to inject arbitrary web script or HTML code using a specially crafted URL...
CVE-2016-0227
Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2016-01421)
IBM Business Process Manager (BPM) is a comprehensive business process management platform from IBM in the United States. The platform provides a range of tools for process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM...
CVE-2015-8524
Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...