Ibm Business Process Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Business Process Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (88)
CVE-2015-1961 — CVSS 9.0 (critical): The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through…
CVE-2017-1539 — CVSS 8.8 (high): IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group…
CVE-2017-1769 — CVSS 8.8 (high): IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and…
CVE-2019-4424 — CVSS 8.2 (high): IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection…
CVE-2017-1527 — CVSS 8.1 (high): IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A…
CVE-2015-7441 — CVSS 6.8 (medium): Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through…
CVE-2015-0110 — CVSS 6.5 (medium): IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated…
CVE-2022-22361 — CVSS 6.5 (medium): IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through…
CVE-2021-38900 — CVSS 6.5 (medium): IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to…
CVE-2014-4844 — CVSS 6.5 (medium): The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5…
CVE-2017-1628 — CVSS 6.5 (medium): IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect…
CVE-2016-0349 — CVSS 6.5 (medium): IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended…
CVE-2018-1674 — CVSS 6.3 (medium): IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send…
CVE-2019-4669 — CVSS 6.3 (medium): IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow…
CVE-2016-9693 — CVSS 6.1 (medium): IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an…
CVE-2015-0101 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5…
CVE-2020-4490 — CVSS 6.1 (medium): IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass…
CVE-2015-8524 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through…
CVE-2018-1848 — CVSS 6.1 (medium): IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed…
CVE-2014-0908 — CVSS 6.0 (medium): The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through…
CVE-2021-29753 — CVSS 5.9 (medium): IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication…
CVE-2019-4425 — CVSS 5.7 (medium): IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another…
CVE-2019-4149 — CVSS 5.4 (medium): IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix…
CVE-2016-0227 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through…
CVE-2016-3056 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and…
CVE-2016-5901 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative…
CVE-2016-9731 — CVSS 5.4 (medium): IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in…
CVE-2017-1140 — CVSS 5.4 (medium): IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2017-1159 — CVSS 5.4 (medium): IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By…
CVE-2017-1424 — CVSS 5.4 (medium): IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript…
CVE-2017-1425 — CVSS 5.4 (medium): IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2017-1494 — CVSS 5.4 (medium): IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2017-1530 — CVSS 5.4 (medium): IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2017-1531 — CVSS 5.4 (medium): IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2017-1767 — CVSS 5.4 (medium): IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2018-1384 — CVSS 5.4 (medium): IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code…
CVE-2019-4204 — CVSS 5.4 (medium): IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability…
CVE-2019-4410 — CVSS 5.4 (medium): IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability…
CVE-2020-4516 — CVSS 5.4 (medium): IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting…
CVE-2020-4530 — CVSS 5.4 (medium): IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This…
CVE-2020-4557 — CVSS 5.4 (medium): IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting…
CVE-2020-4698 — CVSS 5.4 (medium): IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site…
CVE-2020-4794 — CVSS 5.4 (medium): IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process…
CVE-2021-29834 — CVSS 5.4 (medium): IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business…
CVE-2021-38883 — CVSS 5.4 (medium): IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site…
CVE-2021-38893 — CVSS 5.4 (medium): IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site…
CVE-2020-4531 — CVSS 5.3 (medium): IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to…
CVE-2020-4532 — CVSS 5.3 (medium): IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could…
CVE-2018-1885 — CVSS 5.3 (medium): IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information…
CVE-2014-3076 — CVSS 5.0 (medium): IBM Business Process Manager (BPM) 8.5 through 8.5.5 allows remote attackers to obtain potentially sensitive information by visiting an…
CVE-2021-39046 — CVSS 4.9 (medium): IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain…
CVE-2015-0106 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through…
CVE-2020-4446 — CVSS 4.3 (medium): IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass…
CVE-2017-1766 — CVSS 4.3 (medium): Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to…
CVE-2014-0957 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows…
CVE-2014-6101 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the redirect-login feature in IBM Business Process Manager (BPM) Advanced 7.5 through 8.5.5…
CVE-2018-1997 — CVSS 4.3 (medium): IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service…
CVE-2018-1999 — CVSS 4.3 (medium): IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error…
CVE-2018-2000 — CVSS 4.3 (medium): IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute…
CVE-2019-4045 — CVSS 4.3 (medium): IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management…
CVE-2015-0105 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through…
CVE-2015-0158 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through…
CVE-2021-29751 — CVSS 4.3 (medium): IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to…
CVE-2015-7463 — CVSS 4.3 (medium): IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete…
CVE-2014-6176 — CVSS 4.3 (medium): IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x…
CVE-2015-7454 — CVSS 4.3 (medium): Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x…
CVE-2014-3087 — CVSS 4.0 (medium): callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote…
CVE-2014-6182 — CVSS 4.0 (medium): Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3…
CVE-2017-1756 — CVSS 4.0 (medium): IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID…
CVE-2014-6139 — CVSS 4.0 (medium): The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended…
CVE-2015-1884 — CVSS 4.0 (medium): Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through…
CVE-2015-1905 — CVSS 4.0 (medium): The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through…
CVE-2014-4802 — CVSS 4.0 (medium): The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly…
CVE-2014-4759 — CVSS 4.0 (medium): An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote…
CVE-2014-4758 — CVSS 4.0 (medium): IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass…
CVE-2015-1906 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through…
CVE-2015-0193 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x…
CVE-2013-0581 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in IBM Business Process Manager (BPM) 7.5.1.x, 8.0.0.x, and 8.0.1 before FP1 allow…
CVE-2015-0103 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0…
CVE-2014-3075 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x…
CVE-2014-6173 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x…
CVE-2014-8914 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1…
CVE-2015-0156 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x…
CVE-2015-1904 — CVSS 3.5 (low): IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when…
CVE-2014-8913 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1…
CVE-2015-4955 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through…
CVE-2017-1765 — CVSS 3.1 (low): IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the…
CVE-2017-1346 — CVSS 2.5 (low): IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read…