Lucene search

IBM Business Process Manager 7.5.0.1

9 matches found

CVE
added 2017/05/22 8:29 p.m., 51 views

CVE-2017-1159

IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a mali...

CVSS 5.4, AI score 5.1, EPSS 0.001

CVE
added 2017/08/28 3:29 p.m., 46 views

CVE-2015-0101

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; and IBM Business Process Manager Advanced 7.5.x before 7.5, 8.0....

CVSS 6.1, AI score 6, EPSS 0.00224

CVE
added 2017/09/26 5:29 p.m., 45 views

CVE-2017-1539

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attacker might gain privileged access. IBM X-Force ID: 130807.

CVSS 8.8, AI score 8.6, EPSS 0.00596

CVE
added 2017/09/15 8:29 p.m., 44 views

CVE-2015-0110

IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.

CVSS 6.5, AI score 6, EPSS 0.0009

CVE
added 2017/03/07 5:59 p.m., 44 views

CVE-2016-9693

IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considere...

CVSS 6.8, AI score 6.1, EPSS 0.00178

CVE
added 2017/09/26 5:29 p.m., 43 views

CVE-2017-1527

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156.

CVSS 8.1, AI score 7.8, EPSS 0.00542

CVE
added 2017/09/26 5:29 p.m., 43 views

CVE-2017-1531

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130...

CVSS 5.4, AI score 5.2, EPSS 0.00269

CVE
added 2017/09/26 5:29 p.m., 38 views

CVE-2017-1530

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130...

CVSS 5.4, AI score 5.2, EPSS 0.00269

CVE
added 2017/09/25 4:29 p.m., 36 views

CVE-2017-1346

IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461.

CVSS 2.5, AI score 3.4, EPSS 0.00042