CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

656 matches found

JEHC-BPM - Remote Code Execute

A Remote Command Execution vulnerability in the component /server/executeExec of JEHC-BPM = v2.0.1 allows attackers to execute arbitrary code. The vulnerability exists due to insufficient authorization checks in the executeExec endpoint which allows direct command execution. id: CVE-2025-45854...

10CVSS6.1AI score0.02685EPSS

Exploits1References2

EUVD•added 6 days ago•10 views

EUVD-2026-37929

setupBpmLogs follows symlink for bpm.log open and chown — container-to-host privilege escalation via /etc/shadow. A compromised process inside a bpm container can cause root to chown an arbitrary host file to vcap and append bpm JSON log lines to it. The chown alone lets the attacker take ownersh...

6.9CVSS5.4AI score0.00125EPSS

Exploits0References1

Cloud Foundry•added 6 days ago•6 views

CVE-2026-47833 - Symlink vulnerability in setupBpmLogs allows container-to-host privilege escalation via /etc/shadow | Cloud Foundry

Medium CVSS score: 6.8 Medium CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/S:U/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N Vendor Cloud Foundry Foundation Versions Affected Severity is Medium unless otherwise noted. bpm-release – All versions prior to v1.4.30 Description setupBpmLogs follows symlink for bpm.log open and...

6.9CVSS5.6AI score0.00125EPSS

Exploits0

RedhatCVE•added 2026/06/05 7:39 p.m.•8 views

CVE-2026-34284

Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component: Human workflow 11g+. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

6.1CVSS7.3AI score0.00179EPSS

Exploits0References1

IBM Security Bulletins•added 2026/05/26 5:16 p.m.•10 views

Security Bulletin: Due to the use of mchange-commons-java, IBM webMethods BPM is vulnerable to malicious code execution (CVE-2026-27727).

Summary IBM webMethods BPM includes the standalone utility which includes the vulnerable component mchange-commons-java. The tool operates as a standalone utility and is not part of the main runtime environments. Vulnerability Details CVEID:CVE-2026-27727 DESCRIPTION: mchange-commons-java, a...

9.8CVSS6.1AI score0.00577EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2026/05/26 5:14 p.m.•7 views

Security Bulletin: Due to the use of c3p0, IBM webMethods BPM is vulnerable to attack via maliciously crafted Java-serialized objects (CVE-2026-27830)

Summary IBM webMethods BPM includes the standalone utility which includes the vulnerable component c3p0. The tool operates as a standalone utility and is not part of the main runtime environments. Vulnerability Details CVEID:CVE-2026-27830 DESCRIPTION: c3p0, a JDBC Connection pooling library, is...

8.9CVSS6.1AI score0.00304EPSS

Exploits0Affected Software1

NVD•added 2026/04/21 9:16 p.m.•4 views

CVE-2026-34284

6.1CVSS0.00179EPSS

Exploits0References1

IBM Security Bulletins•added 2026/04/17 8:29 a.m.•4 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to openid4java

Summary IBM webMethods BPM uses openid4java to implement OpenID-based authentication Vulnerability Details CVEID:CVE-2011-4314 DESCRIPTION: message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before...

5.8CVSS5.9AI score0.03201EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2026/04/17 6:48 a.m.•3 views

Security Bulletin: Due to use of jackrabbit-spi-commons IBM webMethods BPM is vulnerable to loading privileges using unsecured document build

Summary IBM webMethods BPM is using jackrabbit-spi-commons which is affected by a known vulnerability CVE-2025-53689. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-58782 DESCRIPTION: Deserialization of Untrusted Data vulnerability i...

8.8CVSS6.3AI score0.01286EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/03/30 5:52 a.m.•5 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to rhino

Summary IBM webMethods BPM uses rhino to embed a JavaScript engine for executing internal scripts related to business logic and configuration. Vulnerability Details CVEID:CVE-2025-66453 DESCRIPTION: Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1,...

7.5CVSS6.8AI score0.00231EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/03/27 6:6 p.m.•2 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to JSON-Java

Summary IBM webMethods BPM uses JSON-Java for reading and parsing of JSON data. Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts...

7.5CVSS5.9AI score0.01449EPSS

Exploits6Affected Software1

IBM Security Bulletins•added 2026/03/27 5:59 p.m.•4 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to commons-io

Summary IBM webMethods BPM uses commons-io to simplify file and stream handling operations within the application, such as reading, writing, and manipulating files and input/output streams. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: In Apache Commons IO before 2.7, When invoking the...

5.8CVSS5.9AI score0.10608EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2026/03/27 5:58 p.m.•4 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to jetty

Summary IBM webMethods BPM uses jetty to enable embedded web server capabilities within the application. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for...

5.3CVSS5.9AI score0.00986EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2026/03/27 8:6 a.m.•10 views

Security Bulletin: Due to the use of jetty IBM webMethods BPM is vulnerable to multiple vulnerabilities

Summary IBM webMethods BPM is dependant on jetty which is affected by known vulnerabilities CVE-2019-17638, CVE-2020-27218, CVE-2021-28169, CVE-2021-34428, CVE-2022-2047, CVE-2023-26048, CVE-2023-26049, CVE-2024-13009, CVE-2024-8184 Vulnerability Details CVEID:CVE-2019-17638 DESCRIPTION: In Eclip...

9.4CVSS7AI score0.7848EPSS

Exploits3Affected Software1

IBM Security Bulletins•added 2026/03/27 8:3 a.m.•5 views

Security Bulletin: Due to the use of hibernate-core. IBM webMethods BPM is vulnerable to a second-order SQL injection

Summary IBM webMethods BPM tool is dependant on hibernate-core which is affected by known vulnerability - CVE-2026-0603. Vulnerability Details CVEID:CVE-2026-0603 DESCRIPTION: A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection...

8.3CVSS6.1AI score0.00606EPSS

Exploits1Affected Software1

RedhatCVE•added 2026/03/26 3:3 p.m.•7 views

CVE-2026-3207

Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...

8.7CVSS5.8AI score0.00281EPSS

Exploits0References1

EUVD•added 2026/03/17 9:31 p.m.•5 views

EUVD-2026-12625

Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...

8.7CVSS5.8AI score0.00281EPSS

Exploits0References2