908 matches found
CVE-2014-6139
The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter...
CVE-2014-6139
The CVE concerns IBM Business Process Manager (BPM) Search REST API allowing authenticated non-administrative users to bypass access controls by supplying an incorrect filterByCurrentUser value, enabling discovery of task- and process-instances the user should not see. Affected BPM products/versi...
IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2015-00569)
IBM Business Process Manager is a comprehensive business process management platform. A cross-site scripting vulnerability in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 allows a remote, authenticated user to inject arbitrary web script or HTML via a crafted URL...
IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2015-00568)
IBM Business Process Manager is a comprehensive business process management platform. A cross-site scripting vulnerability in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 allows a remote, authenticated user to inject arbitrary web script or HTML via a crafted URL...
CVE-2014-8913
Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8913...
CVE-2014-8913
CVE-2014-8913/8914 affect IBM Business Process Manager Process Portal across Standard/Express/Advanced 8.0.x–8.5.x. Root cause: insufficient input validation allowing XSS via crafted URLs. Impact: remote authenticated users can inject scripts (possible cookie theft) in the web UI. Remediation: ap...
CVE-2014-8914
CVE-2014-8914 is an IBM BPM Process Portal cross-site scripting vulnerability affecting IBM BPM Standard/Express/Advanced 8.0.x and 8.5.x (e.g., 8.0.1.3, 8.5.0.1, 8.5.5). It arises from improper validation of user-supplied input, enabling a remote authenticated user to inject arbitrary script via...
IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2014-09210)
IBM Business Process Manager is a comprehensive business process management platform. A cross-site scripting vulnerability in IBM Business Process Manager versions 8.0.x through 8.0.1.3, 8.5.x through 8.5.5 allows a remote, authenticated user to inject arbitrary web script or HTML via a crafted U...
CVE-2014-6173
Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
CVE-2014-6173
Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
CVE-2014-6182
Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL...
CVE-2014-4844
The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit...
Design/Logic Flaw
The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit...
Directory traversal
Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL...
CVE-2014-6182
Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL...
CVE-2014-4844
The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit...
Code injection
IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which...