IBM Business Process Manager
23 CVEs affecting IBM Business Process Manager. Latest disclosed: 2022-12-07. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-1628 | Medium | 6.5 | 2017-11-27 | IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. |
| CVE-2021-29834 | Medium | 6.4 | 2021-09-29 | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5… |
| CVE-2020-4698 | Medium | 6.4 | 2020-09-08 | IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerabili… |
| CVE-2019-4669 | Medium | 6.3 | 2020-02-27 | IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3… |
| CVE-2018-1674 | Medium | 6.3 | 2018-09-20 | IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL… |
| CVE-2021-29753 | Medium | 5.9 | 2021-11-05 | IBM Business Automation Workflow 18, 19, 20, 21, and IBM Business Process Manager 8.5 and 8.6 transmits or stores authentication credentials, but it uses an i… |
| CVE-2022-41735 | Medium | 5.4 | 2022-12-07 | IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerabi… |
| CVE-2021-38883 | Medium | 5.4 | 2021-12-17 | IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerabil… |
| CVE-2020-4794 | Medium | 5.4 | 2020-12-21 | IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could all… |
| CVE-2020-4530 | Medium | 5.4 | 2020-09-15 | IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows use… |
| CVE-2020-4516 | Medium | 5.4 | 2020-09-08 | IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allo… |
| CVE-2020-4557 | Medium | 5.4 | 2020-06-29 | IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability a… |
| CVE-2019-4149 | Medium | 5.4 | 2019-09-05 | IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 throug… |
| CVE-2018-1384 | Medium | 5.4 | 2018-03-30 | IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus a… |
| CVE-2017-1767 | Medium | 5.4 | 2018-03-30 | IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus a… |
| CVE-2020-4531 | Medium | 5.3 | 2020-09-25 | IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive info… |
| CVE-2021-39046 | Medium | 4.9 | 2022-03-18 | IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can… |
| CVE-2022-22361 | Medium | 4.3 | 2022-05-31 | IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Busine… |
| CVE-2017-1766 | Medium | 4.3 | 2018-03-30 | Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151. |
| CVE-2017-1756 | Medium | 4.0 | 2018-03-30 | IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856. |