Business Process Manager Security Vulnerabilities and Issues — Business Process Manager CVE List

Lucene search

IbmBusiness Process Manager

11 matches found

CVE•added 2013/07/06 1:57 p.m.•45 views

CVE-2013-0581

Multiple cross-site scripting (XSS) vulnerabilities in IBM Business Process Manager (BPM) 7.5.1.x, 8.0.0.x, and 8.0.1 before FP1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) ProcessPortal/jsp/socialPortal/dashboard.jsp, (2) teamworks/executeServi...

3.5CVSS5.2AI score0.00188EPSS

CVE•added 2015/03/24 12:59 a.m.•45 views

CVE-2015-0103

Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields.

3.5CVSS5.3AI score0.00176EPSS

CVE•added 2015/10/03 10:59 p.m.•42 views

CVE-2015-4955

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 before 8.5.6.0 CF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS6.8AI score0.00231EPSS

CVE•added 2014/12/19 2:59 a.m.•41 views

CVE-2014-6173

Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5CVSS5.2AI score0.00227EPSS

CVE•added 2015/01/21 3:17 p.m.•39 views

CVE-2014-8913

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914.

3.5CVSS5.2AI score0.00304EPSS

CVE•added 2015/05/30 7:59 p.m.•38 views

CVE-2015-0193

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted UR...

3.5CVSS6.8AI score0.00201EPSS

CVE•added 2014/09/04 10:55 a.m.•37 views

CVE-2014-3075

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file.

3.5CVSS5.3AI score0.00188EPSS

CVE•added 2015/01/21 3:17 p.m.•37 views

CVE-2014-8914

3.5CVSS5.2AI score0.00304EPSS

CVE•added 2015/05/25 2:59 p.m.•37 views

CVE-2015-0156

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted UR...

3.5CVSS5.2AI score0.00227EPSS

CVE•added 2015/08/01 1:59 a.m.•36 views

CVE-2015-1904

IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to byp...

3.5CVSS8.7AI score0.00086EPSS

CVE•added 2015/07/21 7:59 p.m.•35 views

CVE-2015-1906

Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted...

3.5CVSS5.2AI score0.00227EPSS