VYPR

WebSphere Lombardi Edition

by IBM

CVEs (10)

  • CVE-2015-0110MedSep 15, 2017
    IBM
    Websphere Application Server
    risk 0.42cvss 6.5epss 0.00

    IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.

  • CVE-2015-1884Jun 28, 2015
    IBM
    Business Process Manager
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary…

  • CVE-2015-0193May 30, 2015
    IBM
    Business Process Manager
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or…

  • CVE-2015-0156May 25, 2015
    IBM
    Business Process Manager
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or…

  • CVE-2015-0106Mar 24, 2015
    IBM
    Websphere Application Server
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web…

  • CVE-2014-4758Sep 4, 2014
    IBM
    Websphere Application Server
    risk 0.00cvss epss 0.00

    IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.

  • CVE-2014-3075Sep 4, 2014
    IBM
    Websphere Application Server
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file.

  • CVE-2014-3087Aug 17, 2014
    IBM
    Websphere Application Server
    risk 0.00cvss epss 0.00

    callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML…

  • CVE-2014-0957Jul 18, 2014
    IBM
    Websphere Application Server
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure.

  • CVE-2012-0707Feb 23, 2012
    IBM
    Websphere Application Server
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via crafted text input to a coach that is configured with a document attachment control section.