IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P
Vendors Products
Ibm
  • Business Automation Workflow
  • Business Process Manager

Configuration 1 [-]

OR cpe:2.3:a:ibm:business_automation_workflow:18.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:18.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.0:cf2:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.0:cf2:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.0:cf2:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201706:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.6.0.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.6.0.0:cf201803:*:*:express:*:*:*
References
Link Resource
http://www.securitytracker.com/id/1041717 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/145109 VDB Entry Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=ibm10720035 Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2018-09-19T00:00:00

Updated: 2018-09-27T09:57:01

Reserved: 2017-12-13T00:00:00

Link: CVE-2018-1674

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2018-09-20T15:29:00.303

Modified: 2019-10-09T23:38:52.150

Link: CVE-2018-1674

JSON object: View

cve-icon Redhat Information

No data.

CWE