cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-4490,https://securityvulnerability.io/vulnerability/CVE-2020-4490,,"IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 181989",IBM,"Business Process Manager Advanced,Business Automation Workflow",5.3,MEDIUM,0.0008500000112690032,false,,false,false,false,,,false,false,,2020-05-29T13:15:00.000Z,0
CVE-2017-1494,https://securityvulnerability.io/vulnerability/CVE-2017-1494,,IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692.,IBM,Business Process Manager Advanced,5.4,MEDIUM,0.0012100000167265534,false,,false,false,false,,,false,false,,2017-12-20T18:29:00.000Z,0
CVE-2017-1530,https://securityvulnerability.io/vulnerability/CVE-2017-1530,,"IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130409.",IBM,Business Process Manager Advanced,5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2017-09-26T17:29:00.000Z,0
CVE-2017-1527,https://securityvulnerability.io/vulnerability/CVE-2017-1527,,"IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156.",IBM,Business Process Manager Advanced,8.1,HIGH,0.001990000018849969,false,,false,false,false,,,false,false,,2017-09-26T17:29:00.000Z,0
CVE-2017-1425,https://securityvulnerability.io/vulnerability/CVE-2017-1425,,IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127478.,IBM,Business Process Manager Advanced,5.4,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2017-09-26T17:29:00.000Z,0
CVE-2017-1531,https://securityvulnerability.io/vulnerability/CVE-2017-1531,,"IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410.",IBM,Business Process Manager Advanced,5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2017-09-26T17:29:00.000Z,0
CVE-2017-1424,https://securityvulnerability.io/vulnerability/CVE-2017-1424,,IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477.,IBM,Business Process Manager Advanced,5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2017-09-25T16:29:00.000Z,0
CVE-2017-1539,https://securityvulnerability.io/vulnerability/CVE-2017-1539,,"IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807.",IBM,Business Process Manager Advanced,8.8,HIGH,0.0014900000533089042,false,,false,false,false,,,false,false,,2017-09-22T00:00:00.000Z,0
CVE-2017-1140,https://securityvulnerability.io/vulnerability/CVE-2017-1140,,IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,IBM,Business Process Manager Advanced,5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2017-06-08T21:00:00.000Z,0
CVE-2017-1159,https://securityvulnerability.io/vulnerability/CVE-2017-1159,,"IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122891.",IBM,Business Process Manager Advanced,5.4,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2017-05-22T20:00:00.000Z,0
CVE-2016-9693,https://securityvulnerability.io/vulnerability/CVE-2016-9693,,"IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655.",IBM,Business Process Manager Advanced,6.1,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2017-03-07T17:00:00.000Z,0
CVE-2016-9731,https://securityvulnerability.io/vulnerability/CVE-2016-9731,,IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.,IBM,Business Process Manager Advanced,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2017-02-01T20:00:00.000Z,0