Skip to main content

Business Process Manager

76 CVEs product

Monthly

CVE-2022-22361 MEDIUM PATCH This Month

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-38900 MEDIUM PATCH This Month

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Business Automation Workflow Business Process Manager Workflow Process Service
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-38893 MEDIUM PATCH This Month

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow Business Process Manager Workflow Process Service
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-38883 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29753 MEDIUM This Month

IBM Business Automation Workflow 18. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Authentication Bypass Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2021-29834 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29751 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-4794 MEDIUM PATCH This Month

IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Denial Of Service IBM Authentication Bypass Automation Workstream Services Business Process Manager +1
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-4531 MEDIUM This Month

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-4530 MEDIUM PATCH This Month

IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4698 MEDIUM PATCH This Month

IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4516 MEDIUM PATCH This Month

IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-4557 MEDIUM This Month

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-4532 MEDIUM This Month

IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-4490 MEDIUM This Month

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-4446 MEDIUM This Month

IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-4149 MEDIUM This Month

IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4424 HIGH This Week

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
8.2
EPSS
2.4%
CVE-2019-4425 MEDIUM This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.7
EPSS
1.2%
CVE-2019-4410 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2019-4204 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2019-4045 MEDIUM This Month

IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Business Automation Workflow Business Process Manager
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2018-1848 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow Business Process Manager Websphere
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-1674 HIGH This Week

IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Business Automation Workflow Business Process Manager
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-1384 MEDIUM This Month

IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager Websphere Enterprise Service Bus Websphere Process Server +1
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2017-1494 MEDIUM This Month

IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1628 MEDIUM This Month

IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Process Manager
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-1539 HIGH PATCH This Week

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-1531 MEDIUM PATCH This Month

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1530 MEDIUM PATCH This Month

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1527 HIGH PATCH This Week

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Business Process Manager
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2017-1425 MEDIUM This Month

IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1424 MEDIUM This Month

IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1346 LOW PATCH Monitor

IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. Rated low severity (CVSS 2.5). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Business Process Manager
NVD
CVSS 3.0
2.5
EPSS
0.0%
CVE-2015-0110 MEDIUM This Month

IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Process Manager Websphere Application Server
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2015-0101 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-1140 MEDIUM PATCH This Month

IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-1159 MEDIUM PATCH This Month

IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Open Redirect IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2016-9693 MEDIUM PATCH This Month

IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Business Process Manager Websphere
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-9731 MEDIUM PATCH This Month

IBM Business Process Manager is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-3056 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5901 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0349 MEDIUM This Month

IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Process Manager
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2015-7454 MEDIUM PATCH This Month

Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Websphere Process Server Business Process Manager
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-0227 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-8524 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Business Process Manager
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-7441 MEDIUM This Month

Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Business Process Manager Websphere Process Server
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2015-4955 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 before 8.5.6.0 CF1 allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-1904 LOW PATCH Monitor

IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM Privilege Escalation Business Process Manager
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2015-1906 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-1905 MEDIUM PATCH This Month

The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-1961 CRITICAL PATCH Act Now

The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Business Process Manager
NVD
CVSS 2.0
9.0
EPSS
0.2%
CVE-2015-1884 MEDIUM PATCH This Month

Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Business Process Manager Websphere
NVD
CVSS 2.0
4.0
EPSS
0.8%
CVE-2015-0193 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Business Process Manager Websphere
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-0156 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Websphere Business Process Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-0158 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-0106 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Websphere Application Server Business Process Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0105 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-0103 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-6139 MEDIUM PATCH This Month

The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2014-8914 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-8913 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-6173 LOW Monitor

Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Business Process Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-6182 MEDIUM PATCH This Month

Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Business Process Manager
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-4844 MEDIUM This Month

The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Business Process Manager
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2014-6176 MEDIUM This Month

IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Business Process Manager Websphere Enterprise Service Bus Websphere Process Server
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-6101 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the redirect-login feature in IBM Business Process Manager (BPM) Advanced 7.5 through 8.5.5 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4802 MEDIUM PATCH This Month

The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-4759 MEDIUM PATCH This Month

An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-4758 MEDIUM PATCH This Month

IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager Websphere Application Server
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-3075 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager Websphere Application Server
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3087 MEDIUM PATCH This Month

callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM XXE Information Disclosure Business Process Manager Websphere Application Server
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2014-3076 MEDIUM PATCH This Month

IBM Business Process Manager (BPM) 8.5 through 8.5.5 allows remote attackers to obtain potentially sensitive information by visiting an unspecified JSP diagnostic page. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Business Process Manager
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-0957 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Business Process Manager Websphere Application Server
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0908 MEDIUM This Month

The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Business Process Manager
NVD VulDB
CVSS 2.0
6.0
EPSS
0.5%
CVE-2013-0581 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in IBM Business Process Manager (BPM) 7.5.1.x, 8.0.0.x, and 8.0.1 before FP1 allow remote authenticated users to inject arbitrary web script or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Business Process Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

IBM CSRF Business Automation Workflow +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Business Automation Workflow +2
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow +2
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow +1
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

IBM Business Automation Workflow 18. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Authentication Bypass Business Automation Workflow +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Business Automation Workflow +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Denial Of Service IBM Authentication Bypass +3
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Business Automation Workflow +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Automation Workflow +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Business Automation Workflow +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Automation Workflow +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Automation Workflow +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Automation Workflow +1
NVD
EPSS 2% CVSS 8.2
HIGH This Week

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Business Automation Workflow +1
NVD
EPSS 1% CVSS 5.7
MEDIUM This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Business Automation Workflow +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Business Automation Workflow +1
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi IBM Business Automation Workflow +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager +3
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Process Manager
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Business Process Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
EPSS 0% CVSS 2.5
LOW PATCH Monitor

IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. Rated low severity (CVSS 2.5). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Business Process Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Process Manager +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Open Redirect IBM Business Process Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Business Process Manager +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Business Process Manager is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Process Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Business Process Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Business Process Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Process Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Websphere Process Server +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Business Process Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Business Process Manager
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Business Process Manager +1
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 before 8.5.6.0 CF1 allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM Privilege Escalation Business Process Manager
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager
NVD
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Business Process Manager
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Business Process Manager +1
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Business Process Manager +1
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Websphere +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Websphere Application Server +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Business Process Manager
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Business Process Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Business Process Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Business Process Manager +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the redirect-login feature in IBM Business Process Manager (BPM) Advanced 7.5 through 8.5.5 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Privilege Escalation Business Process Manager +1
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM XSS Business Process Manager +1
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM XXE Information Disclosure +2
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

IBM Business Process Manager (BPM) 8.5 through 8.5.5 allows remote attackers to obtain potentially sensitive information by visiting an unspecified JSP diagnostic page. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Business Process Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Business Process Manager +1
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Business Process Manager
NVD VulDB
EPSS 0% CVSS 3.5
LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in IBM Business Process Manager (BPM) 7.5.1.x, 8.0.0.x, and 8.0.1 before FP1 allow remote authenticated users to inject arbitrary web script or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Business Process Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy