IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2015-04971)

IBM Business Process Manager is a comprehensive business process management platform. A cross-site scripting vulnerability exists in IBM Business Process Manager 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0,8.5.6 through 8.5.6.0, which could allow a...

IBM Business Process Manager Scheduled Access Restriction Bypass Vulnerability

IBM Business Process Manager is a comprehensive business process management platform. A scheduled access restriction bypass vulnerability exists in IBM Business Process Manager 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0,8.5.6 through 8.5.6.0, which...

CVE-2015-1906

Cross-site scripting XSS vulnerability in the REST API in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted U...

Cross site scripting

Cross-site scripting XSS vulnerability in the REST API in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted U...

CVE-2015-1906

Cross-site scripting XSS vulnerability in the REST API in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted U...

CVE-2015-1961

The REST API in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via a...

Design/Logic Flaw

The REST API in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via a...

CVE-2015-1961

The REST API in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via a...

IBM Business Process Manager Remote Code Execution Vulnerability

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A remote code execution vulnerability exists in IBM...

IBM Business Process Manager and WebSphere Lombardi Edition Security Bypass Vulnerability

IBM Business Process Manager BPM is a comprehensive set of business process management platforms from IBM in the U.S. It provides a range of tools related to business process modeling, assembling, monitoring, and deployment.WebSphere Lombardi Edition WLE is the predecessor of the BPM product. A...

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2015-04371)

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM B...

IBM Business Process Manager and WebSphere Lombardi Edition Directory Traversal Vulnerability

IBM Business Process Manager BPM is a comprehensive set of business process management platforms from IBM in the U.S. It provides a range of tools related to business process modeling, assembly, monitoring, and deployment.WebSphere Lombardi Edition WLE is the predecessor of the BPM product. A...

CVE-2015-1884

IBM Business Process Manager (BPM) and WebSphere Lombardi Edition are affected by a directory traversal vulnerability (CVE-2015-1884) due to insufficient input validation in the internationalization-file URL. Vulnerable products/versions include BPM Standard/Express/Advanced 7.5.x–8.5.5.0 and WLE...

CVE-2015-1884

Directory traversal vulnerability in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition WLE 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted...

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2015-03501)

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM...

CVE-2015-0193

Cross-site scripting XSS vulnerability in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition WLE 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL th...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition WLE 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL th...

CVE-2015-0193

CVE-2015-0193 : A cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) arises from improper neutralization of user-supplied input in certain error conditions, allowing remote authenticated users to inject arbitrary web script or HTML ...

CVE-2015-0193

Cross-site scripting XSS vulnerability in IBM Business Process Manager BPM 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition WLE 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL th...

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2015-03488)

IBM Business Process Manager is a comprehensive business process management platform. A cross-site scripting vulnerability exists in IBM Business Process Manager that could allow a remote, authenticated user to inject arbitrary web script or HTML via a crafted URL...