Vulnerabilities > IBM > Business Process Manager > 8.5.6.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-30 | CVE-2017-1756 | Information Exposure vulnerability in IBM products IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. | 2.1 |
| 2017-09-26 | CVE-2017-1539 | Unspecified vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. | 6.5 |
| 2017-09-26 | CVE-2017-1531 | Cross-site Scripting vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. | 3.5 |
| 2017-09-26 | CVE-2017-1530 | Cross-site Scripting vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. | 3.5 |
| 2017-09-26 | CVE-2017-1527 | XXE vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.5 |
| 2017-09-25 | CVE-2017-1346 | Race Condition vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. | 1.9 |
| 2017-03-07 | CVE-2016-9693 | Improper Input Validation vulnerability in IBM Business Process Manager and Websphere IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. | 6.8 |
| 2016-10-14 | CVE-2016-3056 | Cross-site Scripting vulnerability in IBM Business Process Manager Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users to inject arbitrary web script or HTML via crafted content. | 3.5 |
| 2016-10-05 | CVE-2016-5901 | Cross-site Scripting vulnerability in IBM Business Process Manager Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2016-03-21 | CVE-2015-7454 | Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager and Websphere Process Server Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors. | 4.0 |