CVE-2018-1384

IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201706:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201612:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201703:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201609:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201606:*:*:advanced:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.2:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.3:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.5:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.0:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.0:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.1:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.0:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.1:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.1:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.2:*:*:*:registry:*:*:*
cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.4:*:*:*:registry:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:ibm:websphere_process_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:7.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:7.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:7.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_process_server:7.0.0.2:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:ibm:business_process_manager_enterprise_service_bus:8.6.0.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201606:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.6.0.0:cf201712:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201706:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.6.0.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201703:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201612:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201609:*:*:express:*:*:*

Configuration 6 (hide)

OR cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201706:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201612:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201703:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201609:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201606:*:*:standard:*:*:*

Information

Published : 2018-03-30 09:29

Updated : 2019-10-09 16:38


NVD link : CVE-2018-1384

Mitre link : CVE-2018-1384


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

ibm

  • websphere_enterprise_service_bus
  • business_process_manager_enterprise_service_bus
  • business_process_manager
  • websphere_process_server