IBM Security Bulletin: Blind SQL injection vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (CVE-2018-1674)

Sep 19, 2018 9:00 am EDT

Categorized: Medium Severity

IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to blind SQL injection due to insufficient validation of user-provided input in an API.

CVE(s): CVE-2018-1674

Affected product(s) and affected version(s):

– IBM Business Process Manager V8.5.0.0 through V8.5.0.2

– IBM Business Process Manager V8.5.5.0

– IBM Business Process Manager V8.5.6.0 through V8.5.6.0 CF2

– IBM Business Process Manager V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06

– IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03

– IBM Business Automation Workflow V18.0.0.0 through V18.0.0.1 (released 2018.07)

The issue was introduced in the 8.5.0.x code stream. Earlier versions are not affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10720035
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/145109

from IBM Product Security Incident Response Team https://ift.tt/2xnEkVW