Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-4669

Опубликовано: 27 фев. 2020
Источник: nvd
CVSS3: 6.3
CVSS3: 6.3
CVSS2: 6.5
EPSS Низкий

Описание

IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:business_process_manager:8.5.7.0:-:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201606:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201609:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201612:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201703:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf201706:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.6.0.0:-:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.6.0.0:cf2017.1:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.6.0.0:cf2018.03:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:*:*:*:*
Версия от 18.0.0.1 (включая) до 19.0.0.3 (включая)

EPSS

Процентиль: 50%
0.00265
Низкий

6.3 Medium

CVSS3

6.3 Medium

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

github логотип

GHSA-r67h-45wp-63r3

github
больше 3 лет назад

IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254.

EPSS

Процентиль: 50%
0.00265
Низкий

6.3 Medium

CVSS3

6.3 Medium

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89