Vulnerabilities > IBM > Websphere Process Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-03-30 CVE-2018-1384 Cross-site Scripting vulnerability in IBM products
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2016-03-21 CVE-2015-7454 Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager and Websphere Process Server
Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors.
network
low complexity
ibm CWE-264
4.3
4.3
2016-01-01 CVE-2015-7441 Code vulnerability in IBM Business Process Manager and Websphere Process Server
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
network
high complexity
ibm CWE-17
6.8
6.8