Business Process Manager@8.5.5.0 Security Vulnerabilities and Issues — Page 2 of Business Process Manager@8.5.5.0 CVE List

Lucene search

IbmBusiness Process Manager8.5.5.0

60 matches found

CVE•added 2015/08/01 1:59 a.m.•36 views

CVE-2015-1904

IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to byp...

3.5CVSS8.7AI score0.00086EPSS

CVE•added 2017/09/25 4:29 p.m.•36 views

CVE-2017-1346

IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461.

2.5CVSS3.4AI score0.00042EPSS

CVE•added 2015/06/28 2:59 p.m.•35 views

CVE-2015-1884

Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted int...

4CVSS6.2AI score0.00808EPSS

CVE•added 2015/07/21 7:59 p.m.•35 views

CVE-2015-1906

Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted...

3.5CVSS5.2AI score0.00227EPSS

CVE•added 2018/03/30 4:29 p.m.•35 views

CVE-2018-1384

IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.

5.4CVSS5.2AI score0.0039EPSS

CVE•added 2015/07/13 4:59 p.m.•34 views

CVE-2015-1961

The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via a...

9CVSS7AI score0.00216EPSS

CVE•added 2018/03/15 10:29 p.m.•34 views

CVE-2015-7463

IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. IBM X-Force ID: 108393.

5.5CVSS4.5AI score0.00085EPSS

CVE•added 2016/03/03 10:59 p.m.•34 views

CVE-2016-0227

Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

5.4CVSS5.1AI score0.00241EPSS

CVE•added 2018/12/14 4:29 p.m.•33 views

CVE-2018-1848

IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

6.1CVSS5.8AI score0.00239EPSS

CVE•added 2018/09/20 3:29 p.m.•31 views

CVE-2018-1674

IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109.

8.8CVSS8.5AI score0.00304EPSS

Total number of security vulnerabilities60