Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ibm business process manager 8.5 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-1674
IBM Business Process Manager 8.5 up to and including 8.6 and 18.0.0.0 up to and including 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the malicious user to view, add, modify or delete information in th...
Ibm Business Process Manager 8.5.5.0
Ibm Business Process Manager 8.5.6.0
Ibm Business Process Manager
Ibm Business Process Manager 8.5.7.0
Ibm Business Automation Workflow 18.0.0.1
Ibm Business Automation Workflow 18.0.0.0
Ibm Business Process Manager 8.6.0.0
8.8
CVSSv3
CVE-2017-1539
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 13080...
Ibm Business Process Manager 7.5.0.0
Ibm Business Process Manager 7.5.0.1
Ibm Business Process Manager 7.5.1.0
Ibm Business Process Manager 7.5.1.1
Ibm Business Process Manager 8.0.1.0
Ibm Business Process Manager 8.0.1.1
Ibm Business Process Manager 8.5.0.0
Ibm Business Process Manager 8.5.0.1
Ibm Business Process Manager 8.5.6.0
Ibm Business Process Manager 8.5.6.1
Ibm Business Process Manager 7.5.1.2
Ibm Business Process Manager 8.0.0.0
Ibm Business Process Manager 8.0.1.2
Ibm Business Process Manager 8.0.1.3
Ibm Business Process Manager 8.5.0.2
Ibm Business Process Manager 8.5.5.0
Ibm Business Process Manager 8.5.6.2
Ibm Business Process Manager 8.5.7.0
8.1
CVSSv3
CVE-2017-1527
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156.
Ibm Business Process Manager 7.5.0.1
Ibm Business Process Manager 7.5.1.0
Ibm Business Process Manager 8.0.0.0
Ibm Business Process Manager 8.0.1.0
Ibm Business Process Manager 8.0.1.3
Ibm Business Process Manager 8.5.0.0
Ibm Business Process Manager 8.5.6.0
Ibm Business Process Manager 7.5.0.0
Ibm Business Process Manager 7.5.1.1
Ibm Business Process Manager 7.5.1.2
Ibm Business Process Manager 8.0.1.1
Ibm Business Process Manager 8.0.1.2
Ibm Business Process Manager 8.5.0.1
Ibm Business Process Manager 8.5.0.2
Ibm Business Process Manager 8.5.5.0
Ibm Business Process Manager 8.5.6.1
Ibm Business Process Manager 8.5.7.0
Ibm Business Process Manager 8.5.6.2
6.5
CVSSv3
CVE-2021-38900
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607.
Ibm Business Process Manager 8.5.0.0
Ibm Business Automation Workflow 18.0.0.1
Ibm Business Automation Workflow 18.0.0.0
Ibm Business Automation Workflow 18.0.0.2
Ibm Business Process Manager 8.6.0.0
Ibm Business Automation Workflow 19.0.0.0
Ibm Business Automation Workflow 20.0.0.0
Ibm Business Automation Workflow 19.0.0.1
Ibm Business Automation Workflow 21.0.0.0
Ibm Workflow Process Service 21.0.2
6.5
CVSSv3
CVE-2015-0110
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.
Ibm Business Process Manager 7.5.1.0
Ibm Business Process Manager 7.5.1.1
Ibm Business Process Manager 7.5.1.2
Ibm Business Process Manager 8.0.0.0
Ibm Business Process Manager 7.5.0.1
Ibm Business Process Manager 8.0.1.0
Ibm Business Process Manager 8.0.1.2
Ibm Business Process Manager 8.5.0.0
Ibm Business Process Manager 8.5.0.1
Ibm Business Process Manager 8.5.5.0
Ibm Business Process Manager 7.5.0.0
Ibm Business Process Manager 8.0.1.1
Ibm Business Process Manager 8.0.1.3
Ibm Websphere Application Server 7.2.0.0
Ibm Websphere Application Server 7.2.0.2
Ibm Websphere Application Server 7.2.0.4
Ibm Websphere Application Server 7.2.0.1
Ibm Websphere Application Server 7.2.0.3
Ibm Websphere Application Server 7.2.0.5
6.1
CVSSv3
CVE-2020-4490
IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote malicious user to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishin...
Ibm Business Automation Workflow 18.0.0.0
Ibm Business Automation Workflow 19.0.0.0
Ibm Business Process Manager 8.0.0.0
Ibm Business Process Manager 8.5.0.0
Ibm Business Process Manager 8.6.0.0
6.1
CVSSv3
CVE-2015-0101
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x prior to 7.5, 8.0.x prior to 8.0.1, 8.5.x prior to 8.5.5; IBM Business Process Manager Express 7.5.x prior to 7.5, 8.0.x prior to 8.0.1, 8.5.x prior to 8.5.5; and IBM Business Process Manager ...
Ibm Business Process Manager 7.5.0.1
Ibm Business Process Manager 7.5
Ibm Business Process Manager 8.5.5
Ibm Business Process Manager 8.0
Ibm Business Process Manager 7.5.1.1
Ibm Business Process Manager 8.5
Ibm Business Process Manager 8.0.1.3
Ibm Business Process Manager 8.0.1.2
Ibm Business Process Manager 8.0.1.1
Ibm Business Process Manager 8.0.1
Ibm Business Process Manager 8.5.0.1
Ibm Business Process Manager 7.5.1.2
Ibm Business Process Manager 7.5.1
6.1
CVSSv3
CVE-2016-9693
IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload...
Ibm Business Process Manager 7.5.0.0
Ibm Business Process Manager 7.5.1.0
Ibm Business Process Manager 7.5.1.2
Ibm Business Process Manager 8.0.1.0
Ibm Business Process Manager 8.0.1.2
Ibm Business Process Manager 8.5.0.0
Ibm Business Process Manager 8.5.0.2
Ibm Business Process Manager 8.5.6.0
Ibm Business Process Manager 8.5.7.0
Ibm Business Process Manager 8.0.1.1
Ibm Business Process Manager 8.0.1.3
Ibm Business Process Manager 8.5.0.1
Ibm Business Process Manager 8.5.5.0
Ibm Business Process Manager 8.5.6.2
Ibm Business Process Manager 7.5.0.1
Ibm Business Process Manager 7.5.1.1
Ibm Business Process Manager 8.0.0.0
Ibm Websphere 7.2
Ibm Websphere 7.2.0.1
Ibm Websphere 7.2.0.4
Ibm Websphere 7.2.0.5
Ibm Websphere 7.2.0.2
5.9
CVSSv3
CVE-2021-29753
IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Ibm Business Automation Workflow 18.0.0.0
Ibm Business Automation Workflow 19.0.0.0
Ibm Business Automation Workflow 20.0.0.0
Ibm Business Automation Workflow 21.0.0.0
Ibm Business Process Manager 8.5.0.0
Ibm Business Process Manager 8.6.0.0
5.4
CVSSv3
CVE-2021-38893
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potenti...
Ibm Business Automation Workflow 18.0.0.0
Ibm Business Automation Workflow 19.0.0.0
Ibm Business Automation Workflow 20.0.0.0
Ibm Business Automation Workflow 21.0.0.0
Ibm Business Process Manager 8.5.0.0
Ibm Business Process Manager 8.5.5.0
Ibm Business Process Manager 8.5.7.0
Ibm Business Process Manager 8.6.0.0
Ibm Workflow Process Service 21.0.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »