Vulnerabilities > IBM > Business Process Manager > 8.5.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-14 | CVE-2018-1848 | Cross-site Scripting vulnerability in IBM products IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. | 4.3 |
| 2018-09-20 | CVE-2018-1674 | SQL Injection vulnerability in IBM products IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. | 6.5 |
| 2018-03-30 | CVE-2018-1384 | Cross-site Scripting vulnerability in IBM products IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. | 3.5 |
| 2018-03-30 | CVE-2017-1765 | Information Exposure vulnerability in IBM products IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. | 4.0 |
| 2018-03-30 | CVE-2017-1756 | Information Exposure vulnerability in IBM products IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. | 2.1 |
| 2018-03-15 | CVE-2015-7463 | Improper Authorization vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. | 5.5 |
| 2017-09-26 | CVE-2017-1539 | Unspecified vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. | 6.5 |
| 2017-09-26 | CVE-2017-1531 | Cross-site Scripting vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. | 3.5 |
| 2017-09-26 | CVE-2017-1530 | Cross-site Scripting vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. | 3.5 |
| 2017-09-26 | CVE-2017-1527 | XXE vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.5 |