Vulnerabilities > IBM > Business Process Manager > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-08 | CVE-2017-1140 | Cross-site Scripting vulnerability in IBM Business Process Manager IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. | 5.4 |
2017-05-22 | CVE-2017-1159 | Open Redirect vulnerability in IBM Business Process Manager IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.4 |
2017-03-07 | CVE-2016-9693 | Improper Input Validation vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. | 6.1 |
2017-02-01 | CVE-2016-9731 | Cross-site Scripting vulnerability in IBM Business Process Manager 8.5.7.0 IBM Business Process Manager is vulnerable to cross-site scripting. | 5.4 |
2016-10-14 | CVE-2016-3056 | Cross-site Scripting vulnerability in IBM Business Process Manager Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users to inject arbitrary web script or HTML via crafted content. | 5.4 |
2016-10-05 | CVE-2016-5901 | Cross-site Scripting vulnerability in IBM Business Process Manager Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
2016-06-30 | CVE-2016-0349 | Improper Access Control vulnerability in IBM Business Process Manager 8.5.6.0/8.5.7.0 IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call. | 6.5 |
2016-03-21 | CVE-2015-7454 | Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager and Websphere Process Server Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors. | 4.3 |
2016-03-03 | CVE-2016-0227 | Cross-site Scripting vulnerability in IBM Business Process Manager Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 5.4 |
2016-02-29 | CVE-2015-8524 | Cross-site Scripting vulnerability in IBM Business Process Manager Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |