Ibm Websphere vulnerabilities
6 known vulnerabilities affecting ibm/websphere.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM3LOW3
Vulnerabilities
Page 1 of 1
CVE-2018-1848MEDIUMCVSS 6.1≥ 7.2.0.0, ≤ 7.2.0.52018-12-14
CVE-2018-1848 [MEDIUM] CWE-79 CVE-2018-1848: IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This v
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150947.
nvd
CVE-2017-1756LOWCVSS 3.3v7.2.0.0v7.2.0.1+4 more2018-03-30
CVE-2017-1756 [LOW] CWE-200 CVE-2017-1756: IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another
IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.
nvd
CVE-2016-9693MEDIUMCVSS 6.1v7.2v7.2.0.1+4 more2017-03-07
CVE-2016-9693 [MEDIUM] CWE-20 CVE-2016-9693: IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to
IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. I
nvd
CVE-2015-1884MEDIUMCVSS 4.0v7.2v7.2.0.1+4 more2015-06-28
CVE-2015-1884 [MEDIUM] CWE-22 CVE-2015-1884: Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x
Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL.
nvd
CVE-2015-0193LOWCVSS 3.5v7.2v7.2.0.1+4 more2015-05-30
CVE-2015-0193 [LOW] CWE-79 CVE-2015-0193: Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL that triggers an error condition.
nvd
CVE-2015-0156LOWCVSS 3.5v7.2v7.2.0.1+4 more2015-05-25
CVE-2015-0156 [LOW] CWE-79 CVE-2015-0156: Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
nvd