Vulnerabilities > IBM > Business Process Manager > 8.5.0.1

DATE CVE VULNERABILITY TITLE RISK
2016-03-03 CVE-2016-0227 Cross-site Scripting vulnerability in IBM Business Process Manager
Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5
2016-02-29 CVE-2015-8524 Cross-site Scripting vulnerability in IBM Business Process Manager
Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
4.3
2016-01-01 CVE-2015-7441 Code vulnerability in IBM Business Process Manager and Websphere Process Server
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
network
ibm CWE-17
4.9
4.9
2015-10-03 CVE-2015-4955 Cross-site Scripting vulnerability in IBM Business Process Manager
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 before 8.5.6.0 CF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5
2015-08-01 CVE-2015-1904 Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager
IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action.
network
ibm CWE-264
3.5
3.5
2015-07-21 CVE-2015-1906 Cross-site Scripting vulnerability in IBM Business Process Manager
Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5
2015-07-21 CVE-2015-1905 Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager
The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors.
network
low complexity
ibm CWE-264
4.0
4.0
2015-07-13 CVE-2015-1961 Improper Access Control vulnerability in IBM Business Process Manager
The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call.
network
low complexity
ibm CWE-284
critical
 9.0
9.0
2015-06-28 CVE-2015-1884 Path Traversal vulnerability in IBM Business Process Manager and Websphere
Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL.
network
low complexity
ibm CWE-22
4.0
4.0
2015-05-30 CVE-2015-0193 Cross-site Scripting vulnerability in IBM Business Process Manager and Websphere
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL that triggers an error condition.
network
ibm CWE-79
3.5
3.5