Vulnerabilities > IBM > Business Process Manager > 8.5.7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-30 | CVE-2017-1767 | Cross-site Scripting vulnerability in IBM Business Process Manager IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. | 3.5 |
| 2018-03-30 | CVE-2017-1766 | Incorrect Authorization vulnerability in IBM Business Process Manager Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. | 4.0 |
| 2018-03-30 | CVE-2017-1765 | Information Exposure vulnerability in IBM products IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. | 4.0 |
| 2018-03-30 | CVE-2017-1756 | Information Exposure vulnerability in IBM products IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. | 2.1 |
| 2017-12-20 | CVE-2017-1494 | Cross-site Scripting vulnerability in IBM Business Process Manager 8.5.5.0/8.5.6.0/8.5.7.0 IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. | 3.5 |
| 2017-09-26 | CVE-2017-1539 | Unspecified vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. | 6.5 |
| 2017-09-26 | CVE-2017-1531 | Cross-site Scripting vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. | 3.5 |
| 2017-09-26 | CVE-2017-1530 | Cross-site Scripting vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. | 3.5 |
| 2017-09-26 | CVE-2017-1527 | XXE vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.5 |
| 2017-09-26 | CVE-2017-1425 | Cross-site Scripting vulnerability in IBM Business Process Manager 8.0.1.1/8.5.7.0 IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. | 3.5 |