CVE-2018-1674SQL Injection in IBM Business Process Manager

CWE-89SQL Injection3 documents3 sources
Severity
8.8HIGHNVD
CNA6.3
EPSS
0.3%
top 48.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Business Process ManagerIBM Business Automation Workflow
Timeline
PublishedSep 20
Latest updateMay 13

Description

IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDibm/business_process_manager8.5.0.08.5.0.2+4
CVEListV5ibm/business_process_manager18 versions+17
NVDibm/business_automation_workflow18.0.0.0, 18.0.0.1+1

🔴Vulnerability Details

2
GHSA
GHSA-4rp7-9cmg-pcqp: IBM Business Process Manager 82022-05-13
CVEList
CVE-2018-1674: IBM Business Process Manager 82018-09-20
CVE-2018-1674 — SQL Injection in IBM | cvebase