cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-41735,https://securityvulnerability.io/vulnerability/CVE-2022-41735,IBM Business Process Manager cross-site scripting,"IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687.",IBM,Business Process Manager,5.4,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-12-07T16:40:29.374Z,0
CVE-2022-22361,https://securityvulnerability.io/vulnerability/CVE-2022-22361,Cross-Site Request Forgery in IBM Business Automation Workflow and Process Manager,"IBM Business Automation Workflow and Business Process Manager are susceptible to cross-site request forgery (CSRF), exposing users to the risk of attackers executing unauthorized commands on behalf of legitimate users. A successful exploit could lead to significant security breaches, allowing malicious interactions from trusted accounts without proper authorization.",IBM,"Business Process Manager,Business Automation Workflow",4.3,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2022-05-31T16:15:00.000Z,0
CVE-2021-39046,https://securityvulnerability.io/vulnerability/CVE-2021-39046,Data Exposure Flaw in IBM Business Automation Workflow and Business Process Manager,"IBM Business Automation Workflow and Business Process Manager exhibit a vulnerability where user credentials are stored in plaintext. This flaw allows privileged users to access sensitive information without encryption, creating significant risks to data confidentiality and system integrity. Organizations using these products should assess their security posture and implement enhancements to mitigate the risks associated with credential exposure.",IBM,"Business Automation Workflow,Business Process Manager",4.9,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2022-03-18T16:15:00.000Z,0
CVE-2021-38893,https://securityvulnerability.io/vulnerability/CVE-2021-38893,Stored Cross-Site Scripting in IBM Business Process Manager and Workflow,"IBM Business Process Manager versions 8.5 and 8.6, along with IBM Business Automation Workflow versions 18.0 to 21.0, are susceptible to a stored cross-site scripting vulnerability. This issue permits an attacker to insert arbitrary JavaScript code within the Web UI, which can modify the application's intended behavior. The consequence of this vulnerability could lead to unauthorized disclosure of user credentials during a trusted session, thereby compromising the security of sensitive data.",IBM,"Cloud Pak For Automation,Business Process Manager Standard",6.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-12-21T19:15:00.000Z,0
CVE-2021-38883,https://securityvulnerability.io/vulnerability/CVE-2021-38883,Cross-Site Scripting Vulnerability in IBM Business Automation Workflow and Process Manager,"IBM Business Automation Workflow versions 18.0, 19.0, 20.0, and 21.0, along with IBM Business Process Manager versions 8.5 and 8.6, are subject to a cross-site scripting vulnerability. This flaw enables attackers to inject arbitrary JavaScript code into the web user interface, which could manipulate the application's functionality and lead to unintended actions, including the potential exposure of sensitive user credentials during a session deemed trustworthy. Organizations utilizing these software solutions should ensure immediate remediation measures are in place.",IBM,"Business Process Manager,Business Automation Workflow",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-12-17T17:15:00.000Z,0
CVE-2021-29753,https://securityvulnerability.io/vulnerability/CVE-2021-29753,Insecure Credential Transmission in IBM Business Automation Workflow and Process Manager,"A vulnerability exists in IBM Business Automation Workflow and IBM Business Process Manager, where authentication credentials are transmitted or stored using insecure methods. This flaw exposes sensitive information to unauthorized interception and retrieval, increasing the risk of credential theft and potential compromise of secure systems. It is crucial for organizations using these products to implement appropriate security measures to mitigate this vulnerability.",IBM,"Business Process Manager,Business Automation Workflow",5.9,MEDIUM,0.001069999998435378,false,,false,false,false,,,false,false,,2021-11-05T18:15:00.000Z,0
CVE-2021-29834,https://securityvulnerability.io/vulnerability/CVE-2021-29834,Stored Cross-Site Scripting in IBM Business Automation Workflow and Process Manager,"IBM Business Automation Workflow and IBM Business Process Manager are subject to a stored cross-site scripting vulnerability that allows malicious actors to inject arbitrary JavaScript into the web user interface. This flaw enables the manipulation of the application’s functionality, which can lead to credential disclosure during a trusted user session. Users may inadvertently execute harmful scripts when interacting with the compromised web UI, posing significant risks to sensitive information.",IBM,"Business Automation Workflow,Business Process Manager",6.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-09-29T16:15:00.000Z,0
CVE-2021-29751,https://securityvulnerability.io/vulnerability/CVE-2021-29751,,"IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779.",IBM,"Business Process Manager,Business Automation Workflow,Cloud Pak For Automation",3.1,LOW,0.0005600000149570405,false,,false,false,false,,,false,false,,2021-06-28T16:15:00.000Z,0
CVE-2020-4794,https://securityvulnerability.io/vulnerability/CVE-2020-4794,,"IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cause a denial of service due to improper authorization checking. IBM X-Force ID: 189445.",IBM,"Automation Workstream Services,Business Process Manager,Business Automation Workflow",5.4,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2020-12-21T18:15:00.000Z,0
CVE-2020-4531,https://securityvulnerability.io/vulnerability/CVE-2020-4531,,"IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715.",IBM,"Business Automation Workflow,Business Process Manager",5.3,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-09-25T17:15:00.000Z,0
CVE-2020-4530,https://securityvulnerability.io/vulnerability/CVE-2020-4530,,"IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182714.",IBM,"Business Process Manager,Business Automation Workflow",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-09-15T14:15:00.000Z,0
CVE-2020-4698,https://securityvulnerability.io/vulnerability/CVE-2020-4698,,"IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186841.",IBM,"Business Process Manager,Business Automation Workflow",6.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-09-08T15:15:00.000Z,0
CVE-2020-4516,https://securityvulnerability.io/vulnerability/CVE-2020-4516,,"IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182371.",IBM,"Business Process Manager,Business Automation Workflow",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-09-08T15:15:00.000Z,0
CVE-2020-4557,https://securityvulnerability.io/vulnerability/CVE-2020-4557,,"IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183611.",IBM,"Business Process Manager,Business Automation Workflow",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-06-29T14:15:00.000Z,0
CVE-2020-4532,https://securityvulnerability.io/vulnerability/CVE-2020-4532,,"IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182716.",IBM,Business Process Manager Express,5.3,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-06-17T18:15:00.000Z,0
CVE-2020-4490,https://securityvulnerability.io/vulnerability/CVE-2020-4490,,"IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 181989",IBM,"Business Process Manager Advanced,Business Automation Workflow",5.3,MEDIUM,0.0008500000112690032,false,,false,false,false,,,false,false,,2020-05-29T13:15:00.000Z,0
CVE-2020-4446,https://securityvulnerability.io/vulnerability/CVE-2020-4446,,"IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks. IBM X-Force ID: 181126.",IBM,"Business Process Manager Standard,Business Automation Workflow",4.3,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2020-05-06T14:15:00.000Z,0
CVE-2019-4669,https://securityvulnerability.io/vulnerability/CVE-2019-4669,,"IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254.",IBM,"Business Automation Workflow,Business Process Manager",6.3,MEDIUM,0.0009399999980814755,false,,false,false,false,,,false,false,,2020-02-27T16:15:00.000Z,0
CVE-2019-4149,https://securityvulnerability.io/vulnerability/CVE-2019-4149,,"IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158415.",IBM,"Business Automation Workflow,Business Process Manager",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2019-09-05T15:15:00.000Z,0
CVE-2018-1674,https://securityvulnerability.io/vulnerability/CVE-2018-1674,,"IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109.",IBM,Business Process Manager,6.3,MEDIUM,0.0012100000167265534,false,,false,false,false,,,false,false,,2018-09-20T15:29:00.000Z,0
CVE-2018-1384,https://securityvulnerability.io/vulnerability/CVE-2018-1384,,IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.,IBM,Business Process Manager,5.4,MEDIUM,0.0012100000167265534,false,,false,false,false,,,false,false,,2018-03-30T16:29:00.000Z,0
CVE-2017-1756,https://securityvulnerability.io/vulnerability/CVE-2017-1756,,IBM Business Process Manager 8.6 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 135856.,IBM,Business Process Manager,4,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2018-03-30T16:29:00.000Z,0
CVE-2017-1765,https://securityvulnerability.io/vulnerability/CVE-2017-1765,,IBM Business Process Manager 8.6 could allow an authenticated user with special privileges to reveal sensitive information about the application server. IBM X-Force ID: 136150.,IBM,Business Process Manager,3.1,LOW,0.0014700000174343586,false,,false,false,false,,,false,false,,2018-03-30T16:29:00.000Z,0
CVE-2017-1767,https://securityvulnerability.io/vulnerability/CVE-2017-1767,,IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136152.,IBM,Business Process Manager,5.4,MEDIUM,0.0011599999852478504,false,,false,false,false,,,false,false,,2018-03-30T16:29:00.000Z,0
CVE-2017-1766,https://securityvulnerability.io/vulnerability/CVE-2017-1766,,Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151.,IBM,Business Process Manager,4.3,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2018-03-30T16:29:00.000Z,0