cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2015-7454,https://securityvulnerability.io/vulnerability/CVE-2015-7454,,"Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors.",IBM,Websphere Process Server,4.3,MEDIUM,0.001129999989643693,false,,false,false,false,,,false,false,,2016-03-21T14:00:00.000Z,0
CVE-2015-7441,https://securityvulnerability.io/vulnerability/CVE-2015-7441,,"Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.",IBM,"Business Process Manager,Websphere Process Server",6.8,MEDIUM,0.0013200000394135714,false,,false,false,false,,,false,false,,2016-01-01T00:00:00.000Z,0
CVE-2014-4758,https://securityvulnerability.io/vulnerability/CVE-2014-4758,,IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.,IBM,"Websphere Application Server,Business Process Manager",,,0.0010600000387057662,false,,false,false,false,,,false,false,,2014-09-04T10:00:00.000Z,0
CVE-2014-3075,https://securityvulnerability.io/vulnerability/CVE-2014-3075,,Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file.,IBM,"Websphere Application Server,Business Process Manager",,,0.0008200000156648457,false,,false,false,false,,,false,false,,2014-09-04T10:00:00.000Z,0
CVE-2014-3087,https://securityvulnerability.io/vulnerability/CVE-2014-3087,,"callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",IBM,"Websphere Application Server,Business Process Manager",,,0.0011399999493733048,false,,false,false,false,,,false,false,,2014-08-17T23:55:00.000Z,0
CVE-2014-0957,https://securityvulnerability.io/vulnerability/CVE-2014-0957,,"Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure.",IBM,"Websphere Application Server,Business Process Manager",,,0.0019000000320374966,false,,false,false,false,,,false,false,,2014-07-18T01:00:00.000Z,0
CVE-2009-0507,https://securityvulnerability.io/vulnerability/CVE-2009-0507,,"IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member.",IBM,Websphere Process Server,,,0.0013299999991431832,false,,false,false,false,,,false,false,,2009-02-26T16:00:00.000Z,0