IBM Business Process Manager vulnerabilities
89 known vulnerabilities affecting ibm/business_process_manager.
Total CVEs: 89
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 6, MEDIUM 69, LOW 13
Vulnerabilities
Page 4 of 5
CVE-2015-4955 | LOW | CVSS 3.5 | CWE-79 | v8.0.0.0, v8.0.1.0, +7 more | 2015-10-03
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 before 8.5.6.0 CF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2015-1904 | LOW | CVSS 3.5 | CWE-264 | v8.0.0.0, v8.0.1.0, +7 more | 2015-08-01
IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) uploa
nvd
CVE-2015-1905 | MEDIUM | CVSS 4.0 | CWE-264 | v7.5.0.0, v7.5.0.1, +11 more | 2015-07-21
The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors.
nvd
CVE-2015-1906 | LOW | CVSS 3.5 | CWE-79 | v7.5.0.0, v7.5.0.1, +12 more | 2015-07-21
Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2015-1961 | CRITICAL | CVSS 9.0 | CWE-284 | v7.5.0.0, v7.5.0.1, +11 more | 2015-07-13
The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call.
nvd
CVE-2015-1884 | MEDIUM | CVSS 4.0 | CWE-22 | v7.5.0.0, v7.5.0.1, +11 more | 2015-06-28
Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL.
nvd
CVE-2015-0193 | LOW | CVSS 3.5 | CWE-79 | v7.5.0.0, v7.5.0.1, +11 more | 2015-05-30
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL that triggers an error condition.
nvd
CVE-2015-0156 | LOW | CVSS 3.5 | CWE-79 | v7.5.0.0, v7.5.0.1, +12 more | 2015-05-25
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2015-0106 | MEDIUM | CVSS 4.3 | CWE-79 | v7.5.0.0, v7.5.0.1, +11 more | 2015-03-24
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2015-0158 | MEDIUM | CVSS 4.3 | CWE-79 | v8.0.0.0, v8.0.1.0, +6 more | 2015-03-24
Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2015-0105 | MEDIUM | CVSS 4.3 | CWE-79 | v8.0.0.0, v8.0.1.0, +6 more | 2015-03-24
Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2015-0103 | LOW | CVSS 3.5 | CWE-79 | v8.0.0.0, v8.0.1.0, +6 more | 2015-03-24
Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields.
nvd
CVE-2014-6139 | MEDIUM | CVSS 4.0 | CWE-264 | v8.0.1.3, v8.5.0.1, +1 more | 2015-02-13
The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter.
nvd
CVE-2014-8913 | LOW | CVSS 3.5 | CWE-79 | v8.0.0.0, v8.0.1.0, +6 more | 2015-01-21
Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914.
nvd
CVE-2014-8914 | LOW | CVSS 3.5 | v8.0.0.0, v8.0.1.0, +6 more | 2015-01-21
Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8913.
nvd
CVE-2014-6173 | LOW | CVSS 3.5 | CWE-79 | v8.0.0.0, v8.0.1.0, +6 more | 2014-12-19
Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2014-6182 | MEDIUM | CVSS 4.0 | CWE-22 | v8.0.0.0, v8.0.1.0, +6 more | 2014-12-17
Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.
nvd
CVE-2014-4844 | MEDIUM | CVSS 6.5 | CWE-264 | v7.5.0.0, v7.5.0.1, +10 more | 2014-12-17
The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit.
nvd
CVE-2014-6176 | MEDIUM | CVSS 4.3 | CWE-310 | v7.5.0.0, v7.5.0.1, +10 more | 2014-12-16
IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions
nvd
CVE-2014-6101 | MEDIUM | CVSS 4.3 | CWE-79 | v7.5.0.0, v7.5.0.1, +10 more | 2014-10-31
Cross-site scripting (XSS) vulnerability in the redirect-login feature in IBM Business Process Manager (BPM) Advanced 7.5 through 8.5.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
nvd