Lucene search
K

4567 matches found

NVD
NVD
added 2019/09/10 4:15 p.m.22 views

CVE-2019-5503

OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...

5.3CVSS5AI score0.00694EPSS
Exploits0References1
OSV
OSV
added 2019/09/10 4:15 p.m.6 views

CVE-2019-5503

OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...

5.3CVSS6.1AI score0.00694EPSS
Exploits0References1
Prion
Prion
added 2019/09/10 4:15 p.m.16 views

Design/Logic Flaw

OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors...

5CVSS4.9AI score0.00694EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/09/10 3:50 p.m.70 views

CVE-2019-5503

CVE-2019-5503 concerns NetApp OnCommand Workflow Automation. The affected product versions “prior to 5.0” allegedly shipped without certain HTTP security headers, potentially enabling information disclosure via unspecified vectors. The Red Hat/Lenovo entries confirm the same CVE description and r...

5.3CVSS4.9AI score0.00694EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/09/05 3:15 p.m.17 views

CVE-2019-4149

IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows user...

5.4CVSS5.2AI score0.00679EPSS
Exploits0References2
OSV
OSV
added 2019/09/05 3:15 p.m.3 views

CVE-2019-4149

IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows user...

5.4CVSS5.7AI score0.00679EPSS
Exploits0References2
CVE
CVE
added 2019/09/05 2:50 p.m.48 views

CVE-2019-4149

IBM Business Automation Workflow (versions 18.0.0.0–18.0.0.2) and IBM BPM (versions 8.6.0.0–CF 2018.03, 8.5.7.0–CF 2017.06, 8.5.6.0–CF2) are affected by CVE-2019-4149, a cross-site scripting vulnerability in the Web UI that can embed arbitrary JavaScript and potentially disclose credentials withi...

5.4CVSS5.2AI score0.00679EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2019/09/05 2:50 p.m.21 views

CVE-2019-4149

IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows user...

5.4CVSS5.2AI score0.00679EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/09/05 12:0 a.m.5 views

PT-2019-16929 · Ibm · Ibm Business Process Manager +1

Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 18.0.0.0 through 18.0.0.2 IBM Business Process Manager versions 8.6.0.0 through 8.6.0.0 Cumulative Fix 2018.03 IBM Business Process Manager versions 8.5.7.0 through 8.5.7.0 Cumulative Fix 2017.06 IBM...

5.4CVSS5.5AI score0.00679EPSS
Exploits0References3
CNVD
CNVD
added 2019/09/03 12:0 a.m.5 views

IBM Business Automation Workflow and IBM Business Process Manager Cross-Site Scripting Vulnerability

IBM Business Process Manager BPM and IBM Business Automation Workflow are both products of IBM Corporation, U.S.A. IBM Business Process Manager is a comprehensive business process management platform. The platform provides a series of related tools for business process modeling, assembly,...

5.4CVSS6.4AI score0.00679EPSS
Exploits0References1
OSV
OSV
added 2019/08/20 8:15 p.m.1 views

CVE-2019-4424

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force...

8.2CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2019/08/20 8:15 p.m.17 views

CVE-2019-4424

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force...

8.2CVSS7.5AI score0.02427EPSS
Exploits0References2
Prion
Prion
added 2019/08/20 8:15 p.m.20 views

Xxe

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force...

6.4CVSS8AI score0.02427EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2019/08/20 7:30 p.m.23 views

CVE-2019-4424

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force...

7.1CVSS8.1AI score0.02427EPSS
Exploits0References2
CVE
CVE
added 2019/08/20 7:30 p.m.57 views

CVE-2019-4424

CVE-2019-4424 is an XML External Entity (XXE) vulnerability affecting IBM Business Automation Workflow and IBM BPM. The IBM Security Bulletin lists affected products/versions: IBM Business Automation Workflow 18.0.0.0–18.0.0.2 and 19.0.0.1–19.0.0.2; IBM BPM up to several earlier CF fixes. The roo...

8.2CVSS7.9AI score0.02427EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2019/08/20 7:15 p.m.4 views

CVE-2019-4425

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771...

5.7CVSS6.2AI score0.01157EPSS
Exploits0References2
NVD
NVD
added 2019/08/20 7:15 p.m.18 views

CVE-2019-4425

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771...

5.7CVSS5.2AI score0.01157EPSS
Exploits0References2
Prion
Prion
added 2019/08/20 7:15 p.m.16 views

Code injection

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771...

3.5CVSS5.2AI score0.01157EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2019/08/20 6:25 p.m.23 views

CVE-2019-4425

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771...

5.7CVSS5.2AI score0.01157EPSS
Exploits0References2
CVE
CVE
added 2019/08/20 6:25 p.m.54 views

CVE-2019-4425

CVE-2019-4425 affects IBM Business Automation Workflow (18.0.0.0–18.0.0.2) and IBM BPM components. The IBM security bulletin confirms a reverse tabnabbing information-disclosure issue where an attacker could cause a user to click a crafted link and potentially obtain sensitive information from an...

5.7CVSS5.1AI score0.01157EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder