Ibm Business Process Manager Enterprise Service Bus vulnerabilities

CVE-2018-1885 [MEDIUM] CWE-200 CVE-2018-1885: IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated att IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. IBM X-Force ID: 152020.

CVE-2017-1765 [MEDIUM] CWE-200 CVE-2017-1765: IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150.

CVE-2018-1384 [MEDIUM] CWE-79 CVE-2018-1384: IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows us IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.

CVE-2017-1756 [LOW] CWE-200 CVE-2017-1756: IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.