Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
IbmBusiness Process Manager

9 matches found

CVE
CVEadded 2018/03/30 4:29 p.m.42 views

CVE-2017-1756

IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.

4CVSS3.4AI score0.00111EPSS
CVE
CVEadded 2018/03/30 4:29 p.m.41 views

CVE-2017-1767

IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136152.

5.4CVSS5.2AI score0.0039EPSS
CVE
CVEadded 2018/01/24 2:29 p.m.41 views

CVE-2017-1769

IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783.

8.8CVSS8.3AI score0.0028EPSS
CVE
CVEadded 2018/03/30 4:29 p.m.38 views

CVE-2017-1765

IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150.

4.3CVSS4.2AI score0.00323EPSS
CVE
CVEadded 2018/03/30 4:29 p.m.37 views

CVE-2017-1766

Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151.

4.3CVSS4.4AI score0.00156EPSS
CVE
CVEadded 2018/03/30 4:29 p.m.35 views

CVE-2018-1384

IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.

5.4CVSS5.2AI score0.0039EPSS
CVE
CVEadded 2018/03/15 10:29 p.m.34 views

CVE-2015-7463

IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. IBM X-Force ID: 108393.

5.5CVSS4.5AI score0.00085EPSS
CVE
CVEadded 2018/12/14 4:29 p.m.33 views

CVE-2018-1848

IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

6.1CVSS5.8AI score0.00239EPSS
CVE
CVEadded 2018/09/20 3:29 p.m.31 views

CVE-2018-1674

IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109.

8.8CVSS8.5AI score0.00304EPSS