CVE-2018-2000 — Cross-Site Request Forgery in IBM Business Automation Workflow

CWE-352 — Cross-Site Request Forgery7 documents6 sources

Severity

8.8HIGHNVD

CNA4.3

EPSS

0.1%

top 64.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Business Automation Workflow IBM Business Process Manager

Timeline

PublishedApr 8

Latest updateMar 7

Description

IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5ibm/business_automation_workflow18.0.0.0, 18.0.0.1+1

▶NVDibm/business_automation_workflow18.0.0.0, 18.0.0.1+1

▶NVDibm/business_process_manager8.6.0.0

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-j83f-fmmw-wc95: IBM Business Automation Workflow 18↗2022-05-13

▶

CVEList

CVE-2018-2000: IBM Business Automation Workflow 18↗2019-04-08

▶

💥Exploits & PoCs

Exploit-DB

Chamilo LMS 1.11.8 - Cross-Site Scripting↗2018-10-05

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2023-1231↗2023-03-07

▶

Chrome

Stable Channel Update for Desktop: CVE-2019-13739↗2019-12-10

▶