CVE-2018-1674

Summary

IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109.

Affected Software

VendorProductVersion RangeStatus
IBMBusiness Process Manager8.5affected
IBMBusiness Process Manager8.5.0.1affected
IBMBusiness Process Manager8.5.5affected
IBMBusiness Process Manager8.5.6affected
IBMBusiness Process Manager8.5.7affected
IBMBusiness Process Manager8.6affected
IBMBusiness Process Manager8.6.0.CF201712affected
IBMBusiness Process Manager8.5.0.2affected
IBMBusiness Process Manager8.5.6.1affected
IBMBusiness Process Manager8.5.6.2affected
IBMBusiness Process Manager8.5.7.CF201606affected
IBMBusiness Process Manager8.5.7.CF201609affected
IBMBusiness Process Manager8.5.7.CF201612affected
IBMBusiness Process Manager8.5.7.CF201703affected
IBMBusiness Process Manager8.5.7.CF201706affected
IBMBusiness Process Manager8.6.0.CF201803affected
IBMBusiness Process Manager18.0.0.0affected
IBMBusiness Process Manager18.0.0.1affected

Weaknesses

  • Data Manipulation

ADP Enrichment

CVE Program Container

Additional References

References