Описание
IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774.
Ссылки
- VDB EntryVendor Advisory
- PatchVendor Advisory
- VDB EntryVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:business_automation_workflow:18.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:18.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:18.0.0.2:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.0:cf1:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.6.0:cf2:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf2017.06:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.6.0.0:cf2018.03:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00188
Низкий
4.3 Medium
CVSS3
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774.
EPSS
Процентиль: 41%
0.00188
Низкий
4.3 Medium
CVSS3
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-noinfo