Ibm: >> Business Process Manager >> 8.6.0.0 Security Vulnerabilities
Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151.
CVSS Score
4.3
EPSS Score
0.002
Published
2018-03-30
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136152.
CVSS Score
5.4
EPSS Score
0.004
Published
2018-03-30
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.
CVSS Score
5.4
EPSS Score
0.004
Published
2018-03-30
IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-01-24
IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-11-27
Page 4