IBM WebSphere Process Server vulnerabilities
5 known vulnerabilities affecting ibm/websphere_process_server.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 5
Vulnerabilities
CVE-2018-1384 | MEDIUM | CVSS 5.4 | CWE-79 | v7.0, v7.0.0.1, +4 more | 2018-03-30
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.
nvd
CVE-2015-7454 | MEDIUM | CVSS 4.3 | CWE-264 | v6.1.2, v6.1.2.1, +12 more | 2016-03-21
Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspec
nvd
CVE-2015-7441 | MEDIUM | CVSS 6.8 | CWE-17 | v7.0 | 2016-01-01
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data
nvd
CVE-2014-6176 | MEDIUM | CVSS 4.3 | CWE-310 | v7.0 | 2014-12-16
IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions
nvd
CVE-2009-0507 | MEDIUM | CVSS 4.0 | CWE-16 | ≤ 6.1.2.2, ≤ 6.2, +2 more | 2009-02-26
IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via
nvd