National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:ibm:business_process_manager:8.0.1.0
There are 48 matching records.
Displaying matches 41 through 48.
Vuln ID Summary CVSS Severity
CVE-2014-6101

Cross-site scripting (XSS) vulnerability in the redirect-login feature in IBM Business Process Manager (BPM) Advanced 7.5 through 8.5.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Published: October 31, 2014; 06:55:02 AM -04:00
    V2: 4.3 MEDIUM
CVE-2014-4802

The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorization checks and obtain sensitive information by executing a saved search.

Published: October 07, 2014; 06:55:04 AM -04:00
    V2: 4.0 MEDIUM
CVE-2014-4758

IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.

Published: September 04, 2014; 06:55:07 AM -04:00
    V2: 4.0 MEDIUM
CVE-2014-3075

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file.

Published: September 04, 2014; 06:55:06 AM -04:00
    V2: 3.5 LOW
CVE-2014-3087

callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Published: August 17, 2014; 07:55:06 PM -04:00
    V2: 4.0 MEDIUM
CVE-2014-0957

Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure.

Published: July 17, 2014; 08:55:04 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-0908

The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls.

Published: April 10, 2014; 07:55:04 PM -04:00
    V2: 6.0 MEDIUM
CVE-2013-0581

Multiple cross-site scripting (XSS) vulnerabilities in IBM Business Process Manager (BPM) 7.5.1.x, 8.0.0.x, and 8.0.1 before FP1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) ProcessPortal/jsp/socialPortal/dashboard.jsp, (2) teamworks/executeServiceByName, (3) portal/jsp/viewAdHocReportWizard.do, or (4) rest/bpm/wle/v1/process.

Published: July 06, 2013; 09:57:33 AM -04:00
    V2: 3.5 LOW