Vulnerabilities > IBM > Business Process Manager > 8.5.7.0

DATE CVE VULNERABILITY TITLE RISK
2018-03-30 CVE-2017-1765 Information Exposure vulnerability in IBM Business Process Manager
IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server.
network
low complexity
ibm CWE-200
4.3
4.3
2018-03-30 CVE-2017-1756 Information Exposure vulnerability in IBM Business Process Manager
IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-200
3.3
3.3
2017-12-20 CVE-2017-1494 Cross-site Scripting vulnerability in IBM Business Process Manager 8.5.5.0/8.5.6.0/8.5.7.0
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-09-26 CVE-2017-1539 Unspecified vulnerability in IBM Business Process Manager
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships.
network
low complexity
ibm
8.8
8.8
2017-09-26 CVE-2017-1531 Cross-site Scripting vulnerability in IBM Business Process Manager
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-09-26 CVE-2017-1530 Cross-site Scripting vulnerability in IBM Business Process Manager
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-09-26 CVE-2017-1527 XXE vulnerability in IBM Business Process Manager
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
8.1
8.1
2017-09-26 CVE-2017-1425 Cross-site Scripting vulnerability in IBM Business Process Manager 8.0.1.1/8.5.7.0
IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-09-25 CVE-2017-1424 Cross-site Scripting vulnerability in IBM Business Process Manager 8.5.7.0
IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-09-25 CVE-2017-1346 Race Condition vulnerability in IBM Business Process Manager
IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan.
local
high complexity
ibm CWE-362
2.5
2.5