Business Process Manager@8.6.0 Security Vulnerabilities and Issues — Business Process Manager@8.6.0 CVE List

Lucene search

IbmBusiness Process Manager8.6.0

4 matches found

CVE•added 2018/03/30 4:29 p.m.•41 views

CVE-2017-1767

IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136152.

5.4CVSS5.2AI score0.0039EPSS

CVE•added 2018/03/30 4:29 p.m.•37 views

CVE-2017-1766

Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151.

4.3CVSS4.4AI score0.00156EPSS

CVE•added 2018/03/30 4:29 p.m.•35 views

CVE-2018-1384

5.4CVSS5.2AI score0.0039EPSS

CVE•added 2018/09/20 3:29 p.m.•31 views

CVE-2018-1674

IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109.

8.8CVSS8.5AI score0.00304EPSS