IBM Business Process Manager
51 CVEs affecting IBM Business Process Manager. Latest disclosed: 2017-12-20. Critical: 0, High: 2.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-1539 | High | 8.8 | 2017-09-26 | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user regist… |
| CVE-2017-1527 | High | 8.1 | 2017-09-26 | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could… |
| CVE-2015-7441 | Medium | 6.8 | 2016-01-01 | Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8… |
| CVE-2017-1628 | Medium | 6.5 | 2017-11-27 | IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. |
| CVE-2015-0110 | Medium | 6.5 | 2017-09-15 | IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intend… |
| CVE-2016-0349 | Medium | 6.5 | 2016-06-30 | IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and… |
| CVE-2015-0101 | Medium | 6.1 | 2017-08-28 | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Proces… |
| CVE-2016-9693 | Medium | 6.1 | 2017-03-07 | IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unau… |
| CVE-2015-8524 | Medium | 6.1 | 2016-02-29 | Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x throug… |
| CVE-2017-1494 | Medium | 5.4 | 2017-12-20 | IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus a… |
| CVE-2017-1531 | Medium | 5.4 | 2017-09-26 | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the… |
| CVE-2017-1530 | Medium | 5.4 | 2017-09-26 | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the… |
| CVE-2017-1425 | Medium | 5.4 | 2017-09-26 | IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the… |
| CVE-2017-1424 | Medium | 5.4 | 2017-09-25 | IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus… |
| CVE-2017-1140 | Medium | 5.4 | 2017-06-08 | IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web… |
| CVE-2017-1159 | Medium | 5.4 | 2017-05-22 | IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to vi… |
| CVE-2016-9731 | Medium | 5.4 | 2017-02-01 | IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alter… |
| CVE-2016-3056 | Medium | 5.4 | 2016-10-14 | Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2… |
| CVE-2016-5901 | Medium | 5.4 | 2016-10-05 | Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows r… |
| CVE-2016-0227 | Medium | 5.4 | 2016-03-03 | Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8… |