Show filters
37 Total Results
Displaying 21-30 of 37
Sort by:
Attacker Value
Unknown
CVE-2018-1384
Disclosure Date: March 30, 2018 (last updated November 26, 2024)
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.
0
Attacker Value
Unknown
CVE-2017-1765
Disclosure Date: March 30, 2018 (last updated November 26, 2024)
IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150.
0
Attacker Value
Unknown
CVE-2017-1494
Disclosure Date: December 20, 2017 (last updated November 26, 2024)
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692.
0
Attacker Value
Unknown
CVE-2017-1527
Disclosure Date: September 26, 2017 (last updated November 26, 2024)
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156.
0
Attacker Value
Unknown
CVE-2017-1425
Disclosure Date: September 26, 2017 (last updated November 26, 2024)
IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127478.
0
Attacker Value
Unknown
CVE-2017-1530
Disclosure Date: September 26, 2017 (last updated November 26, 2024)
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130409.
0
Attacker Value
Unknown
CVE-2017-1531
Disclosure Date: September 26, 2017 (last updated November 26, 2024)
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410.
0
Attacker Value
Unknown
CVE-2017-1539
Disclosure Date: September 26, 2017 (last updated November 26, 2024)
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807.
0
Attacker Value
Unknown
CVE-2017-1346
Disclosure Date: September 25, 2017 (last updated November 26, 2024)
IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461.
0
Attacker Value
Unknown
CVE-2017-1424
Disclosure Date: September 25, 2017 (last updated November 26, 2024)
IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477.
0
