Filtered by vendor Ibm Subscriptions
Filtered by product Websphere Subscriptions
Total 7 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-28775 1 Ibm 1 Websphere 2024-11-21 4.4 Medium
IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285648.
CVE-2018-1848 1 Ibm 3 Business Automation Workflow, Business Process Manager, Websphere 2024-11-21 N/A
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150947.
CVE-2017-1756 1 Ibm 3 Business Process Manager, Business Process Manager Enterprise Service Bus, Websphere 2024-11-21 N/A
IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.
CVE-2016-9693 1 Ibm 2 Business Process Manager, Websphere 2024-11-21 N/A
IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655.
CVE-2015-1884 1 Ibm 2 Business Process Manager, Websphere 2024-11-21 N/A
Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via a crafted internationalization-file URL.
CVE-2015-0193 1 Ibm 2 Business Process Manager, Websphere 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL that triggers an error condition.
CVE-2015-0156 1 Ibm 2 Business Process Manager, Websphere 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.