Search Results (Refine Search)
- CPE Product Version: cpe:/a:ibm:business_process_manager:8.5.5.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-3087 |
callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Published: August 17, 2014; 7:55:06 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2014-3076 |
IBM Business Process Manager (BPM) 8.5 through 8.5.5 allows remote attackers to obtain potentially sensitive information by visiting an unspecified JSP diagnostic page. Published: August 11, 2014; 6:55:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-0957 |
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure. Published: July 17, 2014; 8:55:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |