Description
IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254.
CVSS breakdown
CVSS 3.0
Integrity
Low
Availability
Low
Attack Complexity
Low
User Interaction
None
Attack Vector
Network
Privileges Required
Low
Confidentiality
Low
Scope
Unchanged
RL
O
E
Unchanged
RC
Changed
Affected products
- ibm / business_automation_workflow18.0.0.1 – 18.0.0.1
- ibm / business_automation_workflow19.0.0.3 – 19.0.0.3
- ibm / Business Process Manager8.6.0.0 – 8.6.0.0
- ibm / Business Process Manager8.5.7.0 – 8.5.7.0
- ibm / Business Process Manager8.6.0.0.CF2018.03 – 8.6.0.0.CF2018.03
- ibm / Business Process Manager8.5.7.0.2017.06 – 8.5.7.0.2017.06