National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:ibm:business_process_manager:8.0.1.3::~~-~~~
There are 22 matching records.
Displaying matches 21 through 22.
Vuln ID Summary CVSS Severity
CVE-2014-6182

Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL.

Published: December 16, 2014; 07:59:01 PM -05:00
    V2: 4.0 MEDIUM
CVE-2014-4802

The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorization checks and obtain sensitive information by executing a saved search.

Published: October 07, 2014; 06:55:04 AM -04:00
    V2: 4.0 MEDIUM