SQL Injection Vulnerability in IBM Business Process Manager
CVE-2018-1674

6.3MEDIUM

Key Information:

Vendor: IBM
Status: Business Process Manager
Vendor: CVE Published:; 20 September 2018

🔔 Create IBM Vulnerability Alert

What is CVE-2018-1674?

IBM Business Process Manager versions 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are susceptible to SQL injection attacks, enabling remote adversaries to craft malicious SQL queries. This could allow them to potentially access, alter, or remove data within the back-end database, posing severe security risks. Organizations leveraging these versions must prioritize remediation to safeguard sensitive information from exploitation.

Affected Version(s)

Business Process Manager 8.5

Business Process Manager 8.5.0.1

Business Process Manager 8.5.5

References

http://www.securitytracker.com/id/1041717

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/145109

vdb-entryx_refsource_XF

https://www.ibm.com/support/docview.wss?uid=ibm10720035

x_refsource_CONFIRM

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 20, 2018
Vulnerability Reserved
Dec 13, 2017

.

CVE-2018-1674 : SQL Injection Vulnerability in IBM Business Process Manager