Show filters
24 Total Results
Displaying 11-20 of 24
Sort by:
Attacker Value
Unknown

CVE-2021-29751

Disclosure Date: June 25, 2021 (last updated November 28, 2024)
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779.
Attacker Value
Unknown

CVE-2020-4794

Disclosure Date: December 18, 2020 (last updated February 22, 2025)
IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445.
Attacker Value
Unknown

CVE-2020-4531

Disclosure Date: September 24, 2020 (last updated February 22, 2025)
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715.
Attacker Value
Unknown

CVE-2020-4516

Disclosure Date: September 04, 2020 (last updated February 22, 2025)
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182371.
Attacker Value
Unknown

CVE-2020-4698

Disclosure Date: September 04, 2020 (last updated February 22, 2025)
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186841.
Attacker Value
Unknown

CVE-2020-4557

Disclosure Date: June 28, 2020 (last updated February 21, 2025)
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183611.
Attacker Value
Unknown

CVE-2020-4490

Disclosure Date: May 28, 2020 (last updated February 21, 2025)
IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 181989
Attacker Value
Unknown

CVE-2019-4426

Disclosure Date: December 13, 2019 (last updated November 27, 2024)
The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162772.
Attacker Value
Unknown

CVE-2018-1885

Disclosure Date: April 08, 2019 (last updated November 27, 2024)
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. IBM X-Force ID: 152020.
0
Attacker Value
Unknown

CVE-2018-1997

Disclosure Date: April 08, 2019 (last updated November 27, 2024)
IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774.
0