Business Process Manager Security Vulnerabilities and Issues — Business Process Manager CVE List

Lucene search

IbmBusiness Process Manager

4 matches found

CVE•added 2014/12/17 12:59 a.m.•42 views

CVE-2014-4844

The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit.

6.5CVSS6.2AI score0.00216EPSS

CVE•added 2014/12/19 2:59 a.m.•41 views

CVE-2014-6173

Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00227EPSS

CVE•added 2014/12/17 12:59 a.m.•41 views

CVE-2014-6182

Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.

4CVSS6.2AI score0.00389EPSS

CVE•added 2014/12/16 11:59 p.m.•39 views

CVE-2014-6176

IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which ma...

4.3CVSS6.1AI score0.0036EPSS