Vulnerabilities > IBM > Business Process Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-30 | CVE-2018-1384 | Cross-site Scripting vulnerability in IBM products IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. | 5.4 |
| 2018-03-30 | CVE-2017-1767 | Cross-site Scripting vulnerability in IBM Business Process Manager IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. | 5.4 |
| 2018-03-30 | CVE-2017-1766 | Incorrect Authorization vulnerability in IBM Business Process Manager Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. | 4.3 |
| 2018-03-30 | CVE-2017-1765 | Information Exposure vulnerability in IBM Business Process Manager IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. | 4.3 |
| 2018-03-30 | CVE-2017-1756 | Information Exposure vulnerability in IBM Business Process Manager IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
| 2018-03-15 | CVE-2015-7463 | Improper Authorization vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. | 4.3 |
| 2018-01-24 | CVE-2017-1769 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Business Process Manager 8.6.0.0 IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-12-20 | CVE-2017-1494 | Cross-site Scripting vulnerability in IBM Business Process Manager 8.5.5.0/8.5.6.0/8.5.7.0 IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. | 5.4 |
| 2017-11-27 | CVE-2017-1628 | Incorrect Authorization vulnerability in IBM Business Process Manager 8.6.0.0 IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. | 6.5 |
| 2017-09-26 | CVE-2017-1539 | Unspecified vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. | 8.8 |