Business Process Manager@8.6.0.0 Security Vulnerabilities and Issues — Business Process Manager@8.6.0.0 CVE List

Lucene search

IbmBusiness Process Manager8.6.0.0

9 matches found

CVE•added 2020/09/15 2:15 p.m.•45 views

CVE-2020-4530

IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure w...

5.4CVSS5.2AI score0.00179EPSS

CVE•added 2020/06/29 2:15 p.m.•42 views

CVE-2020-4557

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis...

5.4CVSS5.4AI score0.00236EPSS

CVE•added 2020/02/27 4:15 p.m.•41 views

CVE-2019-4669

IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add,...

6.5CVSS6.6AI score0.00265EPSS

CVE•added 2020/09/25 5:15 p.m.•41 views

CVE-2020-4531

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the sy...

5.3CVSS4.8AI score0.00124EPSS

CVE•added 2020/09/08 3:15 p.m.•39 views

CVE-2020-4516

IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo...

5.4CVSS5.4AI score0.0006EPSS

CVE•added 2020/06/17 6:15 p.m.•39 views

CVE-2020-4532

IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in f...

5.3CVSS4.8AI score0.00177EPSS

CVE•added 2020/09/08 3:15 p.m.•37 views

CVE-2020-4698

IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

6.4CVSS5.3AI score0.00223EPSS

CVE•added 2020/05/06 2:15 p.m.•36 views

CVE-2020-4446

IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks. IBM X-Force ID: 181126.

4.3CVSS4.5AI score0.00077EPSS

CVE•added 2020/05/29 1:15 p.m.•31 views

CVE-2020-4490

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 1...

6.1CVSS6.1AI score0.00117EPSS