Business Process Manager@8.5.6.1 Security Vulnerabilities and Issues — Business Process Manager@8.5.6.1 CVE List

Lucene search

IbmBusiness Process Manager8.5.6.1

17 matches found

CVE•added 2016/03/21 2:59 p.m.•49 views

CVE-2015-7454

Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restri...

4.3CVSS5.5AI score0.0016EPSS

CVE•added 2017/09/26 5:29 p.m.•45 views

CVE-2017-1539

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807.

8.8CVSS8.6AI score0.00596EPSS

CVE•added 2017/09/26 5:29 p.m.•43 views

CVE-2017-1527

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156.

8.1CVSS7.8AI score0.00542EPSS

CVE•added 2017/09/26 5:29 p.m.•43 views

CVE-2017-1531

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130...

5.4CVSS5.2AI score0.00269EPSS

CVE•added 2018/03/30 4:29 p.m.•42 views

CVE-2017-1756

IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.

4CVSS3.4AI score0.00111EPSS

CVE•added 2018/03/30 4:29 p.m.•41 views

CVE-2017-1767

IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136152.

5.4CVSS5.2AI score0.0039EPSS

CVE•added 2016/01/01 12:59 a.m.•39 views

CVE-2015-7441

Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticate...

6.8CVSS6.1AI score0.00247EPSS

CVE•added 2020/09/08 3:15 p.m.•39 views

CVE-2020-4516

IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo...

5.4CVSS5.4AI score0.0006EPSS

CVE•added 2020/12/21 6:15 p.m.•39 views

CVE-2020-4794

IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force I...

5.5CVSS5.3AI score0.00128EPSS

CVE•added 2017/09/26 5:29 p.m.•38 views

CVE-2017-1530

5.4CVSS5.2AI score0.00269EPSS

CVE•added 2018/03/30 4:29 p.m.•38 views

CVE-2017-1765

IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150.

4.3CVSS4.2AI score0.00323EPSS

CVE•added 2018/03/30 4:29 p.m.•37 views

CVE-2017-1766

Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151.

4.3CVSS4.4AI score0.00156EPSS

CVE•added 2020/09/08 3:15 p.m.•37 views

CVE-2020-4698

IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

6.4CVSS5.3AI score0.00223EPSS

CVE•added 2017/09/25 4:29 p.m.•36 views

CVE-2017-1346

IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461.

2.5CVSS3.4AI score0.00042EPSS

CVE•added 2018/03/30 4:29 p.m.•35 views

CVE-2018-1384

5.4CVSS5.2AI score0.0039EPSS

CVE•added 2016/10/05 10:59 a.m.•34 views

CVE-2016-5901

Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS5AI score0.0017EPSS

CVE•added 2018/09/20 3:29 p.m.•31 views

CVE-2018-1674

IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109.

8.8CVSS8.5AI score0.00304EPSS