Vulnerabilities > IBM > Websphere Application Server > 7.2.0.3

DATE CVE VULNERABILITY TITLE RISK
2017-09-15 CVE-2015-0110 Improper Access Control vulnerability in IBM products
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.
network
low complexity
ibm CWE-284
4.0
4.0
2015-03-24 CVE-2015-0106 Cross-site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
4.3
4.3
2014-09-04 CVE-2014-4758 Permissions, Privileges, and Access Controls vulnerability in IBM products
IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.
network
low complexity
ibm CWE-264
4.0
4.0
2014-09-04 CVE-2014-3075 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file.
network
ibm CWE-79
3.5
3.5