Vulnerabilities > IBM > Business Process Manager > 8.5.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-30 | CVE-2017-1756 | Information Exposure vulnerability in IBM Business Process Manager IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
| 2018-03-15 | CVE-2015-7463 | Improper Authorization vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. | 4.3 |
| 2017-12-20 | CVE-2017-1494 | Cross-site Scripting vulnerability in IBM Business Process Manager 8.5.5.0/8.5.6.0/8.5.7.0 IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. | 5.4 |
| 2017-09-26 | CVE-2017-1539 | Unspecified vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. | 8.8 |
| 2017-09-26 | CVE-2017-1531 | Cross-site Scripting vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. | 5.4 |
| 2017-09-26 | CVE-2017-1530 | Cross-site Scripting vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. | 5.4 |
| 2017-09-26 | CVE-2017-1527 | XXE vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2017-09-25 | CVE-2017-1346 | Race Condition vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. | 2.5 |
| 2017-06-08 | CVE-2017-1140 | Cross-site Scripting vulnerability in IBM Business Process Manager IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. | 5.4 |
| 2017-05-22 | CVE-2017-1159 | Open Redirect vulnerability in IBM Business Process Manager IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.4 |