Lucene search
K
IbmWebsphere

6 matches found

CVE
CVE
added 2017/03/07 5:0 p.m.60 views

CVE-2016-9693

Summary: CVE-2016-9693 affects IBM BPM/WebSphere Lombardi Edition where a CSV download feature allows unauthenticated users to trigger download of attacker-supplied content, bypassing file-type restrictions and potentially delivering a malicious payload to victims. The IBM Security Bulletin confi...

6.8CVSS6.1AI score0.00534EPSS
CVE
CVE
added 2015/05/30 7:0 p.m.57 views

CVE-2015-0193

CVE-2015-0193 : A cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) arises from improper neutralization of user-supplied input in certain error conditions, allowing remote authenticated users to inject arbitrary web script or HTML ...

3.5CVSS6.8AI score0.00931EPSS
CVE
CVE
added 2015/06/28 2:0 p.m.57 views

CVE-2015-1884

IBM Business Process Manager (BPM) and WebSphere Lombardi Edition are affected by a directory traversal vulnerability (CVE-2015-1884) due to insufficient input validation in the internationalization-file URL. Vulnerable products/versions include BPM Standard/Express/Advanced 7.5.x–8.5.5.0 and WLE...

4CVSS6.2AI score0.02917EPSS
CVE
CVE
added 2018/03/30 4:0 p.m.54 views

CVE-2017-1756

IBM Business Process Manager (multiple versions listed in the IBM advisory) is affected by CVE-2017-1756: due to incorrect cache headers, sensitive web content could be stored locally and read by another user on the same system. Impact is local information disclosure of stored pages. Remediation ...

4CVSS3.4AI score0.00394EPSS
CVE
CVE
added 2015/05/25 2:0 p.m.53 views

CVE-2015-0156

CVE-2015-0156 is a stored XSS vulnerability in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE). The root cause is improper validation of user-supplied input, allowing a remote authenticated attacker to craft a URL that executes arbitrary web script in the victim’s browser ...

3.5CVSS5.2AI score0.01338EPSS
CVE
CVE
added 2018/12/14 3:30 p.m.47 views

CVE-2018-1848

CVE-2018-1848 is a cross-site scripting (XSS) flaw in IBM Business Automation Workflow, affecting version 18.0.0.0 through 18.0.0.1. The vulnerability allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. IBM’s bulletin (and r...

6.1CVSS5.8AI score0.01325EPSS