Vulnerabilities > IBM > Business Process Manager > 8.5.5.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-22 | CVE-2017-1159 | Open Redirect vulnerability in IBM Business Process Manager IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.4 |
| 2017-03-07 | CVE-2016-9693 | Improper Input Validation vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. | 6.1 |
| 2016-10-14 | CVE-2016-3056 | Cross-site Scripting vulnerability in IBM Business Process Manager Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users to inject arbitrary web script or HTML via crafted content. | 5.4 |
| 2016-03-21 | CVE-2015-7454 | Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager and Websphere Process Server Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors. | 4.3 |
| 2016-03-03 | CVE-2016-0227 | Cross-site Scripting vulnerability in IBM Business Process Manager Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 5.4 |
| 2016-02-29 | CVE-2015-8524 | Cross-site Scripting vulnerability in IBM Business Process Manager Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |
| 2016-01-01 | CVE-2015-7441 | Code vulnerability in IBM Business Process Manager and Websphere Process Server Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | 6.8 |