Lucene search
+L

662 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 8:3 a.m.6 views

Security Bulletin: Due to the use of hibernate-core. IBM webMethods BPM is vulnerable to a second-order SQL injection

Summary IBM webMethods BPM tool is dependant on hibernate-core which is affected by known vulnerability - CVE-2026-0603. Vulnerability Details CVEID:CVE-2026-0603 DESCRIPTION: A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection...

8.3CVSS6.1AI score0.00782EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.10 views

CVE-2026-3207

Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...

8.7CVSS5.8AI score0.00281EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/17 9:31 p.m.8 views

EUVD-2026-12625

Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...

8.7CVSS5.8AI score0.00281EPSS
Exploits0References2
NVD
NVD
added 2026/03/17 7:16 p.m.8 views

CVE-2026-3207

Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...

9.8CVSS0.00281EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/17 6:20 p.m.31 views

CVE-2026-3207 TIBCO BPM Enterprise Remote Code Execution (RCE) Vulnerability

Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...

8.7CVSS0.00281EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/17 6:20 p.m.3 views

CVE-2026-3207 TIBCO BPM Enterprise Remote Code Execution (RCE) Vulnerability

Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...

8.7CVSS5.8AI score0.00281EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/17 6:20 p.m.4 views

CVE-2026-3207

Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...

8.7CVSS5.8AI score0.00281EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/17 6:20 p.m.19 views

CVE-2026-3207

Technical details for CVE-2026-3207 are not publicly available in the provided documents. Monitor for updates to learn affected products/versions, impact, and remediation.

9.8CVSS5.8AI score0.00281EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.8 views

TIBCO BPM Enterprise 安全漏洞

TIBCO BPM Enterprise is a business process management platform developed by TIBCO Corporation in the United States. This platform enables companies to drive digital transformation by making better decisions and taking faster, more informed actions. Version 4.x of TIBCO BPM Enterprise contains a...

9.8CVSS5.8AI score0.00281EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/05 2:23 p.m.5 views

Security Bulletin: Due to use of apache.felix.webconsole, IBM webMethods BPM is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability

Summary IBM webMethods BPM is using apache.felix.webconsole. Vulnerability Details CVEID:CVE-2025-25247 DESCRIPTION: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to...

6.1CVSS5.8AI score0.00669EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/05 11:51 a.m.5 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to jetty-server

Summary IBM webMethods BPM uses jetty-server as a transitive dependency brought in by the WebMethods Integration Server is-server dependency. The Integration Server runtime uses Jetty internally for its web server infrastructure. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: There exists...

6.5CVSS6AI score0.01037EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/24 1:45 p.m.8 views

Security Bulletin: IBM webMethods BPM is vulnerable to Out-of-bounds memory operations in org.lz4:lz4-java.

Summary IBM webMethods BPM uses lz4-java which is pulled in automatically as a dependency of webmethods event streaming library. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of...

8.8CVSS5.5AI score0.00647EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 4:39 a.m.14 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to kafka-clients

Summary IBM webMethods BPM uses kafka-clients.jar which is pulled in automatically as a dependency of webmethods event streaming library, Kafka-clients.jar provides Apache Kafka client APIs for producing and consuming messages. Vulnerability Details CVEID:CVE-2022-34917 DESCRIPTION: A security...

8.8CVSS7.6AI score0.95302EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 4:38 a.m.8 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to bc-fips

Summary IBM webMethods BPM uses bc-fips which is pulled in by webMethods Integration Server core for FIPS-compliant cryptographic operations. The BPM Process Engine relies on IS infrastructure for security but doesn't directly use Bouncy Castle APIs. Vulnerability Details CVEID:CVE-2025-8885...

6.3CVSS5.5AI score0.00541EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 4:37 a.m.23 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to log4j-core

Summary IBM webMethods BPM uses log4j-core for process instance-specific logging in the BPM Process Engine, creating individual log files for each process instance to track execution details, errors, and debugging information separately from the general system logs. Vulnerability Details...

8.5CVSS6.5AI score0.97906EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 4:35 a.m.6 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to kotlin-stdlib

Summary IBM webMethods BPM uses kotlin-stdlib in all Kotlin-based modules to provide core Kotlin language support and runtime utilities. Vulnerability Details CVEID:CVE-2020-29582 DESCRIPTION: In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation...

5.3CVSS8.4AI score0.02572EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 4:32 a.m.7 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to snappy-java

Summary IBM webMethods BPM uses snappy-java which is automatically pulled in by kafka-clients as a compression codec dependency. The project doesn't directly use Snappy; it's used internally by Kafka for efficient message compression when streaming events through webmethods's event streaming...

7.5CVSS5.5AI score0.01762EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/03 9:4 a.m.6 views

Security Bulletin: Due to use of apache.felix.webconsole, IBM webMethods BPM is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability

Summary IBM webMethods BPM is using apache.felix.webconsole. Vulnerability Details CVEID:CVE-2025-25247 DESCRIPTION: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to...

6.1CVSS5.2AI score0.00669EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.12 views

Oracle Business Process Management Suite (14.1.2.0.0) (January 2026 CPU)

The version of Oracle Business Process Management Suite installed on the remote host is affected by a vulnerability, as referenced in the January 2026 CPU advisory: - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component: Composer Apache Commo...

9.8CVSS7AI score0.79807EPSS
Exploits7References6
RedhatCVE
RedhatCVE
added 2026/01/10 5:41 a.m.15 views

CVE-2025-67278

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request...

6.5CVSS7.3AI score0.00276EPSS
Exploits0References1
Rows per page
Query Builder