908 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2015-8524
CVE-2015-8524 is an XSS vulnerability in IBM BPM Process Portal. It affects IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2, where improper escaping of user input in Process Portal allows a remote attacker to inject arbitrary web script o...
CVE-2015-8524
Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
IBM WebSphere Process Server and Business Process Manager Advanced Incorrect SSL/TLS Handling Vulnerability
IBM WebSphere Process Server and Business Process Manager (BPM) Advanced are both products of IBM Corporation, U.S.A. IBM WebSphere Process Server is a set of business process automation engines; BPM is a comprehensive business process management platform. BPM Advanced is an advanced version. A...
CVE-2015-7441
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticate...
Design/Logic Flaw
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticate...
IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2015-06513)
IBM Business Process Manager is a comprehensive business process management platform. A cross-site scripting vulnerability exists in IBM Business Process Manager that could allow a remote, authenticated user to inject arbitrary web script or HTML via a crafted URL...
CVE-2015-4955
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 before 8.5.6.0 CF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
The vulnerability of the Business Process Manager system allows a perpetrator to circumvent existing access restrictions.
The vulnerability of the REST API interface of the Business Process Manager system is related to deficiencies in restricting access to certain functions. Exploiting this vulnerability could allow a malicious actor to circumvent existing access restrictions remotely...
The vulnerability of the Business Process Manager system allows a perpetrator to inject arbitrary web or HTML code.
The vulnerability of the Business Process Manager system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code using a specially crafted URL...
The vulnerability of the Business Process Manager system allows a perpetrator to circumvent access restrictions related to document loading/saving.
The vulnerability of the Business Process Manager system’s automation functionality is related to deficiencies in restricting access to certain functions. Exploiting this vulnerability could allow a malicious actor to circumvent access restrictions associated with document loading/saving when the...
The vulnerability of the Business Process Manager system allows a perpetrator to inject arbitrary web or HTML code.
The vulnerability of the Business Process Manager system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code using a specially crafted URL...
The vulnerability of the Business Process Manager system allows a perpetrator to inject arbitrary web or HTML code.
The vulnerability of the REST API interface of the Business Process Manager system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code using a specially crafted URL...
The vulnerability of the Business Process Manager system allows a perpetrator to circumvent existing access restrictions and execute arbitrary Java scripts.
The vulnerability of the REST API interface of the Business Process Manager system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions and execute arbitrary Java scripts using a specially crafted API request...
The vulnerability of the Business Process Manager operating system, which allows a perpetrator to trigger a service failure
The vulnerability of the Concurrent Data Management Replication process in the Business Process Manager operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures using a specially...
The vulnerability of the Business Process Manager operating system, which allows a perpetrator to trigger a service failure
The vulnerability of the LPTS operating system’s Business Process Manager implementation is related to resource management errors. Exploiting this vulnerability allows a malicious actor to cause service interruptions by continuously sending specially crafted packets to TCP and UDP ports...
CVE-2015-1904
IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypas...