Vulnerabilities > IBM > Websphere > 7.2.0.1

DATE CVE VULNERABILITY TITLE RISK
2018-12-14 CVE-2018-1848 Cross-site Scripting vulnerability in IBM products
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
4.3
2018-03-30 CVE-2017-1756 Information Exposure vulnerability in IBM products
IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-200
2.1
2.1
2017-03-07 CVE-2016-9693 Improper Input Validation vulnerability in IBM Business Process Manager and Websphere
IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks.
network
ibm CWE-20
6.8
6.8
2015-06-28 CVE-2015-1884 Path Traversal vulnerability in IBM Business Process Manager and Websphere
Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL.
network
low complexity
ibm CWE-22
4.0
4.0
2015-05-30 CVE-2015-0193 Cross-site Scripting vulnerability in IBM Business Process Manager and Websphere
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL that triggers an error condition.
network
ibm CWE-79
3.5
3.5
2015-05-25 CVE-2015-0156 Cross-site Scripting vulnerability in IBM Business Process Manager and Websphere
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
ibm CWE-79
3.5
3.5