IBM » Websphere Process Server : Security Vulnerabilities, CVEs, CVSS score >= 5
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.
Max CVSS
5.4
EPSS Score
0.08%
Published
2018-03-30
Updated
2019-10-09
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
Max CVSS
6.8
EPSS Score
0.13%
Published
2016-01-01
Updated
2016-12-07
2 vulnerabilities found