Show filters
24 Total Results
Displaying 11-20 of 24
Sort by:
Attacker Value
Unknown
CVE-2021-29751
Disclosure Date: June 25, 2021 (last updated November 28, 2024)
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779.
0
Attacker Value
Unknown
CVE-2020-4794
Disclosure Date: December 18, 2020 (last updated February 22, 2025)
IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445.
0
Attacker Value
Unknown
CVE-2020-4531
Disclosure Date: September 24, 2020 (last updated February 22, 2025)
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715.
0
Attacker Value
Unknown
CVE-2020-4516
Disclosure Date: September 04, 2020 (last updated February 22, 2025)
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182371.
0
Attacker Value
Unknown
CVE-2020-4698
Disclosure Date: September 04, 2020 (last updated February 22, 2025)
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186841.
0
Attacker Value
Unknown
CVE-2020-4557
Disclosure Date: June 28, 2020 (last updated February 21, 2025)
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183611.
0
Attacker Value
Unknown
CVE-2020-4490
Disclosure Date: May 28, 2020 (last updated February 21, 2025)
IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 181989
0
Attacker Value
Unknown
CVE-2019-4426
Disclosure Date: December 13, 2019 (last updated November 27, 2024)
The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162772.
0
Attacker Value
Unknown
CVE-2018-1885
Disclosure Date: April 08, 2019 (last updated November 27, 2024)
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. IBM X-Force ID: 152020.
0
Attacker Value
Unknown
CVE-2018-1997
Disclosure Date: April 08, 2019 (last updated November 27, 2024)
IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774.
0