Business Process Manager

business_process_manager

Vendor: Ibm • 88 CVEs

CVEs (88)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-4425 1Ibm 2Business Automation Workflow Business Process Manager Nov 21, 2024 Aug 20, 2019 N/A· v4 5.7 MEDIUM· v3 3.5 LOW· v2 IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force...Show more IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771.Show less
CVE-2019-4410 1Ibm 2Business Automation Workflow Business Process Manager Nov 21, 2024 Jul 1, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intend...Show more IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162657.Show less
CVE-2019-4204 1Ibm 2Business Automation Workflow Business Process Manager Nov 21, 2024 May 10, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intend...Show more IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159125.Show less
CVE-2019-4045 1Ibm 2Business Automation Workflow Business Process Manager Nov 21, 2024 Apr 8, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last...Show more IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IBM X-Force ID: 156241.Show less
CVE-2018-2000 1Ibm 2Business Automation Workflow Business Process Manager Nov 21, 2024 Apr 8, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trus...Show more IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890.Show less
CVE-2018-1999 1Ibm 2Business Automation Workflow Business Process Manager Nov 21, 2024 Apr 8, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force...Show more IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889.Show less
CVE-2018-1997 1Ibm 2Business Automation Workflow Business Process Manager Nov 21, 2024 Apr 8, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts...Show more IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774.Show less
CVE-2018-1885 1Ibm 4Business Automation Workflow Business Process ManagerBusiness Process Manager Enterprise Service Bus+1 more Nov 21, 2024 Apr 8, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. IBM X-Force ID: 152020.
CVE-2018-1848 1Ibm 3Business Automation Workflow Business Process ManagerWebsphere Nov 21, 2024 Dec 14, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote...Show more IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150947.Show less
CVE-2018-1674 1Ibm 2Business Automation Workflow Business Process Manager Nov 21, 2024 Sep 20, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modi...Show more IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109.Show less
CVE-2018-1384 1Ibm 4Business Process Manager Business Process Manager Enterprise Service BusWebsphere Enterprise Service Bus+1 more Nov 21, 2024 Mar 30, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre...Show more IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.Show less
CVE-2017-1767 1Ibm 1Business Process Manager Nov 21, 2024 Mar 30, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre...Show more IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136152.Show less
CVE-2017-1766 1Ibm 1Business Process Manager Nov 21, 2024 Mar 30, 2018 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151.
CVE-2017-1765 1Ibm 2Business Process Manager Business Process Manager Enterprise Service Bus Nov 21, 2024 Mar 30, 2018 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150.
CVE-2017-1756 1Ibm 3Business Process Manager Business Process Manager Enterprise Service BusWebsphere Nov 21, 2024 Mar 30, 2018 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.
CVE-2015-7463 1Ibm 1Business Process Manager Nov 21, 2024 Mar 15, 2018 N/A· v4 4.3 MEDIUM· v3 5.5 MEDIUM· v2 IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. IBM X-Force ID:...Show more IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. IBM X-Force ID: 108393.Show less
CVE-2017-1769 1Ibm 1Business Process Manager Nov 21, 2024 Jan 24, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 13...Show more IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783.Show less
CVE-2017-1494 1Ibm 1Business Process Manager May 13, 2026 Dec 20, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre...Show more IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692.Show less
CVE-2017-1628 1Ibm 1Business Process Manager May 13, 2026 Nov 27, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks.
CVE-2017-1539 1Ibm 1Business Process Manager May 13, 2026 Sep 26, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership a...Show more IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807.Show less

Previous 123 4 5 Next