Business Process Manager Security Vulnerabilities and Issues — Page 2 of Business Process Manager CVE List

Lucene search

IbmBusiness Process Manager

89 matches found

CVE•added 2015/01/21 3:17 p.m.•39 views

CVE-2014-8913

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914.

3.5CVSS5.2AI score0.00304EPSS

CVE•added 2015/07/21 7:59 p.m.•39 views

CVE-2015-1905

The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors.

4CVSS6.1AI score0.00154EPSS

CVE•added 2016/01/01 12:59 a.m.•39 views

CVE-2015-7441

Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticate...

6.8CVSS6.1AI score0.00247EPSS

CVE•added 2016/06/30 1:59 a.m.•39 views

CVE-2016-0349

IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call.

6.5CVSS6AI score0.00096EPSS

CVE•added 2019/08/20 7:15 p.m.•39 views

CVE-2019-4425

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771.

5.7CVSS5.1AI score0.00276EPSS

CVE•added 2020/09/08 3:15 p.m.•39 views

CVE-2020-4516

IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo...

5.4CVSS5.4AI score0.0006EPSS

CVE•added 2020/06/17 6:15 p.m.•39 views

CVE-2020-4532

IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in f...

5.3CVSS4.8AI score0.00177EPSS

CVE•added 2020/12/21 6:15 p.m.•39 views

CVE-2020-4794

IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force I...

5.5CVSS5.3AI score0.00128EPSS

CVE•added 2015/05/30 7:59 p.m.•38 views

CVE-2015-0193

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted UR...

3.5CVSS6.8AI score0.00201EPSS

CVE•added 2017/09/26 5:29 p.m.•38 views

CVE-2017-1530

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130...

5.4CVSS5.2AI score0.00269EPSS

CVE•added 2018/03/30 4:29 p.m.•38 views

CVE-2017-1765

IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150.

4.3CVSS4.2AI score0.00323EPSS

CVE•added 2014/07/18 1:0 a.m.•37 views

CVE-2014-0957

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure.

4.3CVSS5.7AI score0.00278EPSS

CVE•added 2014/09/04 10:55 a.m.•37 views

CVE-2014-3075

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file.

3.5CVSS5.3AI score0.00188EPSS

CVE•added 2014/08/11 10:55 p.m.•37 views

CVE-2014-3076

IBM Business Process Manager (BPM) 8.5 through 8.5.5 allows remote attackers to obtain potentially sensitive information by visiting an unspecified JSP diagnostic page.

5CVSS6.2AI score0.00451EPSS

CVE•added 2014/10/07 10:55 a.m.•37 views

CVE-2014-4802

The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorization checks and obtain sensitive information by exec...

4CVSS5.8AI score0.00159EPSS

CVE•added 2015/01/21 3:17 p.m.•37 views

CVE-2014-8914

3.5CVSS5.2AI score0.00304EPSS

CVE•added 2015/03/24 12:59 a.m.•37 views

CVE-2015-0105

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS5.6AI score0.00352EPSS

CVE•added 2015/05/25 2:59 p.m.•37 views

CVE-2015-0156

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted UR...

3.5CVSS5.2AI score0.00227EPSS

CVE•added 2018/03/30 4:29 p.m.•37 views

CVE-2017-1766

Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151.

4.3CVSS4.4AI score0.00156EPSS

CVE•added 2020/09/08 3:15 p.m.•37 views

CVE-2020-4698

IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

6.4CVSS5.3AI score0.00223EPSS

CVE•added 2021/06/28 4:15 p.m.•37 views

CVE-2021-29751

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779.

4.3CVSS4.4AI score0.00225EPSS

CVE•added 2014/09/04 10:55 a.m.•36 views

CVE-2014-4759

An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results.

4CVSS5.8AI score0.00179EPSS

CVE•added 2015/02/13 2:59 a.m.•36 views

CVE-2014-6139

The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter.

4CVSS6.2AI score0.0014EPSS

CVE•added 2015/08/01 1:59 a.m.•36 views

CVE-2015-1904

IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to byp...

3.5CVSS8.7AI score0.00086EPSS

CVE•added 2017/09/25 4:29 p.m.•36 views

CVE-2017-1346

IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461.

2.5CVSS3.4AI score0.00042EPSS

CVE•added 2019/09/05 3:15 p.m.•36 views

CVE-2019-4149

IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows users ...

5.4CVSS5.2AI score0.00277EPSS

CVE•added 2019/05/10 3:29 p.m.•36 views

CVE-2019-4204

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4CVSS5.2AI score0.00229EPSS

CVE•added 2020/05/06 2:15 p.m.•36 views

CVE-2020-4446

IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks. IBM X-Force ID: 181126.

4.3CVSS4.5AI score0.00077EPSS

CVE•added 2015/06/28 2:59 p.m.•35 views

CVE-2015-1884

Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted int...

4CVSS6.2AI score0.00808EPSS

CVE•added 2015/07/21 7:59 p.m.•35 views

CVE-2015-1906

Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted...

3.5CVSS5.2AI score0.00227EPSS

CVE•added 2018/03/30 4:29 p.m.•35 views

CVE-2018-1384

IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.

5.4CVSS5.2AI score0.0039EPSS

CVE•added 2021/09/29 4:15 p.m.•35 views

CVE-2021-29834

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thu...

6.4CVSS5.1AI score0.00105EPSS

CVE•added 2015/07/13 4:59 p.m.•34 views

CVE-2015-1961

The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via a...

9CVSS7AI score0.00216EPSS

CVE•added 2018/03/15 10:29 p.m.•34 views

CVE-2015-7463

IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. IBM X-Force ID: 108393.

5.5CVSS4.5AI score0.00085EPSS

CVE•added 2016/03/03 10:59 p.m.•34 views

CVE-2016-0227

Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

5.4CVSS5.1AI score0.00241EPSS

CVE•added 2016/10/05 10:59 a.m.•34 views

CVE-2016-5901

Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS5AI score0.0017EPSS

CVE•added 2018/12/14 4:29 p.m.•33 views

CVE-2018-1848

IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

6.1CVSS5.8AI score0.00239EPSS

CVE•added 2018/09/20 3:29 p.m.•31 views

CVE-2018-1674

IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109.

8.8CVSS8.5AI score0.00304EPSS

CVE•added 2020/05/29 1:15 p.m.•31 views

CVE-2020-4490

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 1...

6.1CVSS6.1AI score0.00117EPSS

Total number of security vulnerabilities89