cve-2018-1384
Vulnerability from cvelistv5
Published
2018-03-30 16:00
Modified
2024-09-16 21:07
Severity ?
EPSS score ?
Summary
IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22012604 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/103681 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1040624 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/138135 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22012604 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103681 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040624 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/138135 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | IBM | Business Process Manager |
Version: 8.6 Version: 8.6.0.CF201712 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012604"
},
{
"name": "1040624",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040624"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138135"
},
{
"name": "103681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103681"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Business Process Manager",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.6"
},
{
"status": "affected",
"version": "8.6.0.CF201712"
}
]
}
],
"datePublic": "2018-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-07T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012604"
},
{
"name": "1040624",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040624"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138135"
},
{
"name": "103681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103681"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-03-24T00:00:00",
"ID": "CVE-2018-1384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Business Process Manager",
"version": {
"version_data": [
{
"version_value": "8.6"
},
{
"version_value": "8.6.0.CF201712"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22012604",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22012604"
},
{
"name": "1040624",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040624"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138135",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138135"
},
{
"name": "103681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103681"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1384",
"datePublished": "2018-03-30T16:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T21:07:34.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"91BDDE54-95C6-4E95-9427-D83E61355E3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"8057C7D0-978D-490B-BE80-597A2CB27A77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"3DEBE193-CDE1-406C-9042-4085AA0EED8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"EF781F2F-05FB-4DBD-8BC1-98A630CD375A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"0F1442C9-ED96-40C5-BE20-987C928BAD9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"E71AC948-9F71-403E-8035-172D5F667B54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"E77872E9-D66C-47FF-AA1D-7764D65997A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"7B3D03C8-B7F4-43AF-9270-555507AAC527\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"E69BBEFA-B321-4085-AEA1-BAE2B0B54524\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"BE4F0900-83C3-4228-9F3B-2664C1C816F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"9942841D-3E36-4159-AA5A-B534CB701B6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"7A1FCB4E-DC46-4780-9017-1E8E789E785F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"19B921EC-DE16-4A2B-BB29-B02A9B416470\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"00DC7609-2519-4DB5-AA5E-A1CFCE0DA5A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"66A4A455-A75B-4363-AC6D-DAD50287EB99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"240E404A-0420-4731-8DFE-076746B14807\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"66327978-D257-4ADE-8AEA-22547B0E4541\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"8F88ED9A-7D7F-4C1F-87AA-555C941DE583\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201606:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"E5105E85-7A37-4A2D-9C56-955B7A414560\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201609:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"F2D29466-67FB-4096-9F5C-1CE4C6E9388F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201612:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"33424F24-7A35-489A-B1B8-BEEBC165CDE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201703:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"A9BD1DCB-5A74-4131-818F-62B6D6350D52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201706:*:*:advanced:*:*:*\", \"matchCriteriaId\": \"B6807E40-534F-475E-89CA-9D8D84E501C1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30F4C3D8-D127-4C97-8837-ACB1FA2AC600\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.0:*:*:*:registry:*:*:*\", \"matchCriteriaId\": \"D791CC09-7B93-4C03-8CAC-1CCBFDEE411B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96EF038F-B61D-4457-A4F5-D28B25CD789E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.1:*:*:*:registry:*:*:*\", \"matchCriteriaId\": \"A4D3CB63-ED2B-40C5-865F-20F106CAB338\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A859CE4E-4D03-46AF-BDAD-5724D794D8FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.2:*:*:*:registry:*:*:*\", \"matchCriteriaId\": \"B62C841B-5684-405E-AEA1-FA31BC163AF2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDC509CE-026D-480B-8642-F01230B29D08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.3:*:*:*:registry:*:*:*\", \"matchCriteriaId\": \"5DA247C2-A301-4436-BBB0-0F262A1D4755\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"383B2DD8-EAE0-4B87-AFDE-06725E0B597A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.4:*:*:*:registry:*:*:*\", \"matchCriteriaId\": \"50CABC1F-B01F-4AAF-A53A-2D326E4877F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42BEFE4F-A1AB-4687-AC0E-25D211F7DDEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.5:*:*:*:registry:*:*:*\", \"matchCriteriaId\": \"1A06D42D-8310-493C-811A-D6129459C636\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53D6B550-D36A-4D7A-BB32-90FDE51B715B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.0:*:*:*:registry:*:*:*\", \"matchCriteriaId\": \"2405A890-14B6-4C4C-AB6A-761B3E5A5DD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"317ECC62-26CD-4BB9-ADF2-5FE34C29B402\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.1:*:*:*:registry:*:*:*\", \"matchCriteriaId\": \"5AC5FF0C-F31C-4CFD-9BCF-12CDAF2E6B0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14114411-E698-4CAC-81AC-4C1C1BA5B325\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.0:*:*:*:registry:*:*:*\", \"matchCriteriaId\": \"703DAE30-BE7D-450F-96FD-714834BD839C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6495401F-9B68-4416-A908-746DAA9E2A42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.1:*:*:*:registry:*:*:*\", \"matchCriteriaId\": \"BEAFB6E4-2BD6-44D9-B951-4CFD6224CF67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BC6FF2F-8095-446D-8445-DD28C6C5158C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.2:*:*:*:registry:*:*:*\", \"matchCriteriaId\": \"190CDCBB-87F5-4F1A-B744-49E4C01470F4\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_process_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"116EA95E-3845-4045-9E9D-F370D6D48A5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_process_server:7.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1278C0A9-D694-4E1A-8C58-E22995B346B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_process_server:7.0.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98B87B46-4C5C-4894-A840-D5354E0519B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_process_server:7.0.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18B56787-8A91-46DD-ACAB-59C8439A2815\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_process_server:7.0.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68E45D5B-C0AE-41CB-BF07-B4692F0062D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_process_server:7.0.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF76BE59-BBBD-42D9-96EA-5974CC489F8F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager_enterprise_service_bus:8.6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF3FE592-6983-4C3C-8552-B38735CB2D25\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:express:*:*:*\", \"matchCriteriaId\": \"A7B3E6D1-ADB3-4709-9E02-779EAA7A05E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:express:*:*:*\", \"matchCriteriaId\": \"16617000-4388-43EF-AE14-8C108068155F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:express:*:*:*\", \"matchCriteriaId\": \"05B6C389-9332-4C33-A3AD-270A54AC564E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:express:*:*:*\", \"matchCriteriaId\": \"17E42B0A-0947-4799-993F-CBF8A84EBD4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:express:*:*:*\", \"matchCriteriaId\": \"50B6287C-5A45-46B7-A685-93D1CBA0CC83\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:express:*:*:*\", \"matchCriteriaId\": \"FE68791B-B7AE-4715-810E-0C278E5C363F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:express:*:*:*\", \"matchCriteriaId\": \"00CC8270-5ABE-428C-9090-16EC8298E50C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:express:*:*:*\", \"matchCriteriaId\": \"A05F59A1-3063-45ED-B1E8-AABC4FC0A807\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:express:*:*:*\", \"matchCriteriaId\": \"60F679C8-74FB-40F5-A5B8-FBD6BF424379\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:express:*:*:*\", \"matchCriteriaId\": \"0DDE4CB3-1162-4A51-8EBA-2A25E8B6898B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:express:*:*:*\", \"matchCriteriaId\": \"8FE10C1D-2077-435A-8C14-2746A685681C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:express:*:*:*\", \"matchCriteriaId\": \"EE43BACD-D187-49C9-85D1-51E3F71D2274\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:express:*:*:*\", \"matchCriteriaId\": \"8578A0D7-3330-4F79-A934-4940673383A4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:express:*:*:*\", \"matchCriteriaId\": \"80D84C06-5E93-4DA4-A333-D3CECB7D74E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:express:*:*:*\", \"matchCriteriaId\": \"D06A925E-C739-48A9-B211-36DE458A7898\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:express:*:*:*\", \"matchCriteriaId\": \"28D39434-BC55-40CC-B02C-68C272C67013\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:express:*:*:*\", \"matchCriteriaId\": \"ADE7414F-BF17-4415-95C3-FDBC2BC5C7A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:express:*:*:*\", \"matchCriteriaId\": \"8736CAA3-7C69-4F8D-936B-2B7B3B5DEED2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201606:*:*:express:*:*:*\", \"matchCriteriaId\": \"54C2CBF0-838B-4F7F-9E63-25053EC6D2E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201609:*:*:express:*:*:*\", \"matchCriteriaId\": \"0D6B3497-1C02-43C0-8B73-9289F7FC00A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201612:*:*:express:*:*:*\", \"matchCriteriaId\": \"7B136A70-552E-4545-853A-BAFD0919D52C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201703:*:*:express:*:*:*\", \"matchCriteriaId\": \"94F5B156-9994-4A1A-A552-FA4108908883\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201706:*:*:express:*:*:*\", \"matchCriteriaId\": \"BD42A0F7-540B-4673-AD8C-373A424A27B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.6.0.0:*:*:*:express:*:*:*\", \"matchCriteriaId\": \"542E8F0D-8326-48E1-9D72-C61EF104573D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.6.0.0:cf201712:*:*:express:*:*:*\", \"matchCriteriaId\": \"837E1B12-4B58-46E6-910F-7BAC4FB47216\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:standard:*:*:*\", \"matchCriteriaId\": \"1D338AF3-8FE6-4E51-B961-344E157EECFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:standard:*:*:*\", \"matchCriteriaId\": \"E4B6A964-F948-4FAA-A6C7-41641AF12504\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:standard:*:*:*\", \"matchCriteriaId\": \"07630F25-A03C-401D-A16A-51B63014C963\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:standard:*:*:*\", \"matchCriteriaId\": \"E95968B6-FF99-4234-9EC7-6EAA9C7DA753\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:standard:*:*:*\", \"matchCriteriaId\": \"3693DBD8-F30F-44D0-A154-4C268120D7C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:standard:*:*:*\", \"matchCriteriaId\": \"37281A0A-3BE1-4B22-840F-65CA7B8AB360\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:standard:*:*:*\", \"matchCriteriaId\": \"446C4FEE-DDB7-41C5-BC9B-7E6B08B074BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:standard:*:*:*\", \"matchCriteriaId\": \"3FC25EB0-CA22-4176-8752-8BD26B111F2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:standard:*:*:*\", \"matchCriteriaId\": \"7C097D2E-5BB7-4979-A755-E928094A92C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:standard:*:*:*\", \"matchCriteriaId\": \"021FABA7-6B97-4511-8E07-B7A34A387493\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:standard:*:*:*\", \"matchCriteriaId\": \"F6E31F25-6E71-4A5C-A940-0A935AF19035\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:standard:*:*:*\", \"matchCriteriaId\": \"F646DABB-4C10-4308-8169-EC42C358CF41\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:standard:*:*:*\", \"matchCriteriaId\": \"CC44A2D4-F3D3-4D98-8FDC-8274E1725800\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:standard:*:*:*\", \"matchCriteriaId\": \"DF7E8429-8750-4D3C-90E1-829031C7C306\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:standard:*:*:*\", \"matchCriteriaId\": \"12DA4BA4-D130-48C2-BCD0-8D76E0BADDBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:standard:*:*:*\", \"matchCriteriaId\": \"570E9DFF-F991-4D14-87F4-F7FE9554E58D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:standard:*:*:*\", \"matchCriteriaId\": \"E590C058-EC80-48FB-87C7-3F84E2BC07E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:standard:*:*:*\", \"matchCriteriaId\": \"CD9103EF-29E7-48E6-ADF4-66D74C3FF427\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201606:*:*:standard:*:*:*\", \"matchCriteriaId\": \"A30BF550-893B-4F5D-B128-157655B6F8AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201609:*:*:standard:*:*:*\", \"matchCriteriaId\": \"82E8F8FF-7C1E-4684-B479-BB3F8EA13B80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201612:*:*:standard:*:*:*\", \"matchCriteriaId\": \"25AFA35A-B7BC-430C-8AF9-73653E6D36B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201703:*:*:standard:*:*:*\", \"matchCriteriaId\": \"6E9348B4-025E-4A86-A3B5-616840F28B58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201706:*:*:standard:*:*:*\", \"matchCriteriaId\": \"1B8D6782-F9D8-4B89-8C1D-9BB8992BD89F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.\"}, {\"lang\": \"es\", \"value\": \"IBM Business Process Manager 8.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\\u00eda dar lugar a una revelaci\\u00f3n de credenciales en una sesi\\u00f3n de confianza. IBM X-Force ID: 138135.\"}]",
"id": "CVE-2018-1384",
"lastModified": "2024-11-21T03:59:43.507",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"psirt@us.ibm.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2018-03-30T16:29:00.420",
"references": "[{\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg22012604\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/103681\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040624\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/138135\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg22012604\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/103681\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040624\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/138135\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"VDB Entry\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-1384\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2018-03-30T16:29:00.420\",\"lastModified\":\"2024-11-21T03:59:43.507\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138135.\"},{\"lang\":\"es\",\"value\":\"IBM Business Process Manager 8.6 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 138135.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"91BDDE54-95C6-4E95-9427-D83E61355E3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"8057C7D0-978D-490B-BE80-597A2CB27A77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"3DEBE193-CDE1-406C-9042-4085AA0EED8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"EF781F2F-05FB-4DBD-8BC1-98A630CD375A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"0F1442C9-ED96-40C5-BE20-987C928BAD9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"E71AC948-9F71-403E-8035-172D5F667B54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"E77872E9-D66C-47FF-AA1D-7764D65997A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"7B3D03C8-B7F4-43AF-9270-555507AAC527\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"E69BBEFA-B321-4085-AEA1-BAE2B0B54524\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"BE4F0900-83C3-4228-9F3B-2664C1C816F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"9942841D-3E36-4159-AA5A-B534CB701B6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"7A1FCB4E-DC46-4780-9017-1E8E789E785F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"19B921EC-DE16-4A2B-BB29-B02A9B416470\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"00DC7609-2519-4DB5-AA5E-A1CFCE0DA5A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"66A4A455-A75B-4363-AC6D-DAD50287EB99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"240E404A-0420-4731-8DFE-076746B14807\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"66327978-D257-4ADE-8AEA-22547B0E4541\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"8F88ED9A-7D7F-4C1F-87AA-555C941DE583\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201606:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"E5105E85-7A37-4A2D-9C56-955B7A414560\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201609:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"F2D29466-67FB-4096-9F5C-1CE4C6E9388F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201612:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"33424F24-7A35-489A-B1B8-BEEBC165CDE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201703:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"A9BD1DCB-5A74-4131-818F-62B6D6350D52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201706:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"B6807E40-534F-475E-89CA-9D8D84E501C1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30F4C3D8-D127-4C97-8837-ACB1FA2AC600\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.0:*:*:*:registry:*:*:*\",\"matchCriteriaId\":\"D791CC09-7B93-4C03-8CAC-1CCBFDEE411B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96EF038F-B61D-4457-A4F5-D28B25CD789E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.1:*:*:*:registry:*:*:*\",\"matchCriteriaId\":\"A4D3CB63-ED2B-40C5-865F-20F106CAB338\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A859CE4E-4D03-46AF-BDAD-5724D794D8FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.2:*:*:*:registry:*:*:*\",\"matchCriteriaId\":\"B62C841B-5684-405E-AEA1-FA31BC163AF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDC509CE-026D-480B-8642-F01230B29D08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.3:*:*:*:registry:*:*:*\",\"matchCriteriaId\":\"5DA247C2-A301-4436-BBB0-0F262A1D4755\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"383B2DD8-EAE0-4B87-AFDE-06725E0B597A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.4:*:*:*:registry:*:*:*\",\"matchCriteriaId\":\"50CABC1F-B01F-4AAF-A53A-2D326E4877F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42BEFE4F-A1AB-4687-AC0E-25D211F7DDEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.0.0.5:*:*:*:registry:*:*:*\",\"matchCriteriaId\":\"1A06D42D-8310-493C-811A-D6129459C636\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53D6B550-D36A-4D7A-BB32-90FDE51B715B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.0:*:*:*:registry:*:*:*\",\"matchCriteriaId\":\"2405A890-14B6-4C4C-AB6A-761B3E5A5DD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"317ECC62-26CD-4BB9-ADF2-5FE34C29B402\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.0.1:*:*:*:registry:*:*:*\",\"matchCriteriaId\":\"5AC5FF0C-F31C-4CFD-9BCF-12CDAF2E6B0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14114411-E698-4CAC-81AC-4C1C1BA5B325\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.0:*:*:*:registry:*:*:*\",\"matchCriteriaId\":\"703DAE30-BE7D-450F-96FD-714834BD839C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6495401F-9B68-4416-A908-746DAA9E2A42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.1:*:*:*:registry:*:*:*\",\"matchCriteriaId\":\"BEAFB6E4-2BD6-44D9-B951-4CFD6224CF67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BC6FF2F-8095-446D-8445-DD28C6C5158C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_enterprise_service_bus:7.5.1.2:*:*:*:registry:*:*:*\",\"matchCriteriaId\":\"190CDCBB-87F5-4F1A-B744-49E4C01470F4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_process_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"116EA95E-3845-4045-9E9D-F370D6D48A5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_process_server:7.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1278C0A9-D694-4E1A-8C58-E22995B346B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_process_server:7.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98B87B46-4C5C-4894-A840-D5354E0519B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_process_server:7.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18B56787-8A91-46DD-ACAB-59C8439A2815\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_process_server:7.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68E45D5B-C0AE-41CB-BF07-B4692F0062D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_process_server:7.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF76BE59-BBBD-42D9-96EA-5974CC489F8F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager_enterprise_service_bus:8.6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF3FE592-6983-4C3C-8552-B38735CB2D25\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:express:*:*:*\",\"matchCriteriaId\":\"A7B3E6D1-ADB3-4709-9E02-779EAA7A05E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:express:*:*:*\",\"matchCriteriaId\":\"16617000-4388-43EF-AE14-8C108068155F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:express:*:*:*\",\"matchCriteriaId\":\"05B6C389-9332-4C33-A3AD-270A54AC564E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:express:*:*:*\",\"matchCriteriaId\":\"17E42B0A-0947-4799-993F-CBF8A84EBD4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:express:*:*:*\",\"matchCriteriaId\":\"50B6287C-5A45-46B7-A685-93D1CBA0CC83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:express:*:*:*\",\"matchCriteriaId\":\"FE68791B-B7AE-4715-810E-0C278E5C363F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:express:*:*:*\",\"matchCriteriaId\":\"00CC8270-5ABE-428C-9090-16EC8298E50C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:express:*:*:*\",\"matchCriteriaId\":\"A05F59A1-3063-45ED-B1E8-AABC4FC0A807\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:express:*:*:*\",\"matchCriteriaId\":\"60F679C8-74FB-40F5-A5B8-FBD6BF424379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:express:*:*:*\",\"matchCriteriaId\":\"0DDE4CB3-1162-4A51-8EBA-2A25E8B6898B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:express:*:*:*\",\"matchCriteriaId\":\"8FE10C1D-2077-435A-8C14-2746A685681C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:express:*:*:*\",\"matchCriteriaId\":\"EE43BACD-D187-49C9-85D1-51E3F71D2274\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:express:*:*:*\",\"matchCriteriaId\":\"8578A0D7-3330-4F79-A934-4940673383A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:express:*:*:*\",\"matchCriteriaId\":\"80D84C06-5E93-4DA4-A333-D3CECB7D74E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:express:*:*:*\",\"matchCriteriaId\":\"D06A925E-C739-48A9-B211-36DE458A7898\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:express:*:*:*\",\"matchCriteriaId\":\"28D39434-BC55-40CC-B02C-68C272C67013\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:express:*:*:*\",\"matchCriteriaId\":\"ADE7414F-BF17-4415-95C3-FDBC2BC5C7A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:express:*:*:*\",\"matchCriteriaId\":\"8736CAA3-7C69-4F8D-936B-2B7B3B5DEED2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201606:*:*:express:*:*:*\",\"matchCriteriaId\":\"54C2CBF0-838B-4F7F-9E63-25053EC6D2E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201609:*:*:express:*:*:*\",\"matchCriteriaId\":\"0D6B3497-1C02-43C0-8B73-9289F7FC00A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201612:*:*:express:*:*:*\",\"matchCriteriaId\":\"7B136A70-552E-4545-853A-BAFD0919D52C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201703:*:*:express:*:*:*\",\"matchCriteriaId\":\"94F5B156-9994-4A1A-A552-FA4108908883\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201706:*:*:express:*:*:*\",\"matchCriteriaId\":\"BD42A0F7-540B-4673-AD8C-373A424A27B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.6.0.0:*:*:*:express:*:*:*\",\"matchCriteriaId\":\"542E8F0D-8326-48E1-9D72-C61EF104573D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.6.0.0:cf201712:*:*:express:*:*:*\",\"matchCriteriaId\":\"837E1B12-4B58-46E6-910F-7BAC4FB47216\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:7.5.0.0:*:*:*:standard:*:*:*\",\"matchCriteriaId\":\"1D338AF3-8FE6-4E51-B961-344E157EECFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:7.5.0.1:*:*:*:standard:*:*:*\",\"matchCriteriaId\":\"E4B6A964-F948-4FAA-A6C7-41641AF12504\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:7.5.1.0:*:*:*:standard:*:*:*\",\"matchCriteriaId\":\"07630F25-A03C-401D-A16A-51B63014C963\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:7.5.1.1:*:*:*:standard:*:*:*\",\"matchCriteriaId\":\"E95968B6-FF99-4234-9EC7-6EAA9C7DA753\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:7.5.1.2:*:*:*:standard:*:*:*\",\"matchCriteriaId\":\"3693DBD8-F30F-44D0-A154-4C268120D7C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:standard:*:*:*\",\"matchCriteriaId\":\"37281A0A-3BE1-4B22-840F-65CA7B8AB360\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:standard:*:*:*\",\"matchCriteriaId\":\"446C4FEE-DDB7-41C5-BC9B-7E6B08B074BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:standard:*:*:*\",\"matchCriteriaId\":\"3FC25EB0-CA22-4176-8752-8BD26B111F2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:standard:*:*:*\",\"matchCriteriaId\":\"7C097D2E-5BB7-4979-A755-E928094A92C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.0.1.3:*:*:*:standard:*:*:*\",\"matchCriteriaId\":\"021FABA7-6B97-4511-8E07-B7A34A387493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:standard:*:*:*\",\"matchCriteriaId\":\"F6E31F25-6E71-4A5C-A940-0A935AF19035\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.0.1:*:*:*:standard:*:*:*\",\"matchCriteriaId\":\"F646DABB-4C10-4308-8169-EC42C358CF41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.0.2:*:*:*:standard:*:*:*\",\"matchCriteriaId\":\"CC44A2D4-F3D3-4D98-8FDC-8274E1725800\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:standard:*:*:*\",\"matchCriteriaId\":\"DF7E8429-8750-4D3C-90E1-829031C7C306\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:standard:*:*:*\",\"matchCriteriaId\":\"12DA4BA4-D130-48C2-BCD0-8D76E0BADDBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.6.1:*:*:*:standard:*:*:*\",\"matchCriteriaId\":\"570E9DFF-F991-4D14-87F4-F7FE9554E58D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.6.2:*:*:*:standard:*:*:*\",\"matchCriteriaId\":\"E590C058-EC80-48FB-87C7-3F84E2BC07E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:standard:*:*:*\",\"matchCriteriaId\":\"CD9103EF-29E7-48E6-ADF4-66D74C3FF427\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201606:*:*:standard:*:*:*\",\"matchCriteriaId\":\"A30BF550-893B-4F5D-B128-157655B6F8AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201609:*:*:standard:*:*:*\",\"matchCriteriaId\":\"82E8F8FF-7C1E-4684-B479-BB3F8EA13B80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201612:*:*:standard:*:*:*\",\"matchCriteriaId\":\"25AFA35A-B7BC-430C-8AF9-73653E6D36B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201703:*:*:standard:*:*:*\",\"matchCriteriaId\":\"6E9348B4-025E-4A86-A3B5-616840F28B58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201706:*:*:standard:*:*:*\",\"matchCriteriaId\":\"1B8D6782-F9D8-4B89-8C1D-9BB8992BD89F\"}]}]}],\"references\":[{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg22012604\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/103681\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040624\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/138135\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg22012604\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/103681\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040624\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/138135\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.