6 matches found
CVE-2016-9693
Summary: CVE-2016-9693 affects IBM BPM/WebSphere Lombardi Edition where a CSV download feature allows unauthenticated users to trigger download of attacker-supplied content, bypassing file-type restrictions and potentially delivering a malicious payload to victims. The IBM Security Bulletin confi...
CVE-2015-0193
CVE-2015-0193 : A cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) arises from improper neutralization of user-supplied input in certain error conditions, allowing remote authenticated users to inject arbitrary web script or HTML ...
CVE-2015-1884
IBM Business Process Manager (BPM) and WebSphere Lombardi Edition are affected by a directory traversal vulnerability (CVE-2015-1884) due to insufficient input validation in the internationalization-file URL. Vulnerable products/versions include BPM Standard/Express/Advanced 7.5.x–8.5.5.0 and WLE...
CVE-2017-1756
IBM Business Process Manager (multiple versions listed in the IBM advisory) is affected by CVE-2017-1756: due to incorrect cache headers, sensitive web content could be stored locally and read by another user on the same system. Impact is local information disclosure of stored pages. Remediation ...
CVE-2015-0156
CVE-2015-0156 is a stored XSS vulnerability in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE). The root cause is improper validation of user-supplied input, allowing a remote authenticated attacker to craft a URL that executes arbitrary web script in the victim’s browser ...
CVE-2018-1848
CVE-2018-1848 is a cross-site scripting (XSS) flaw in IBM Business Automation Workflow, affecting version 18.0.0.0 through 18.0.0.1. The vulnerability allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. IBM’s bulletin (and r...