PT-2020-11013 · Ibm · Ibm Business Process Manager+1
Published
2020-02-27
·
Updated
2020-02-28
·
CVE-2019-4669
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
IBM Business Process Manager versions 8.5.7.0 through 8.5.7.0 2017.06
IBM Business Process Manager versions 8.6.0.0 through 8.6.0.0 CF2018.03
IBM Business Automation Workflow versions 18.0.0.1 through 19.0.0.3
Description
The issue allows a remote attacker to send specially-crafted SQL statements, potentially enabling the attacker to view, add, modify, or delete information in the back-end database.
Recommendations
For IBM Business Process Manager versions 8.5.7.0 through 8.5.7.0 2017.06, update to a version outside of this range to resolve the issue.
For IBM Business Process Manager versions 8.6.0.0 through 8.6.0.0 CF2018.03, update to a version outside of this range to resolve the issue.
For IBM Business Automation Workflow versions 18.0.0.1 through 19.0.0.3, update to a version outside of this range to resolve the issue.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Business Automation Workflow
Ibm Business Process Manager