IBM Business Process Manager and IBM Business Automation Workflow is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| IBM Business Process Manager | 8.5.7.0 – 8.5.7.0 2017.06 |
| IBM Business Process Manager | 8.6.0.0 – 8.6.0.0 CF2018.03 |
| IBM Business Automation Workflow | 18.0.0.1 – 19.0.0.3 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/3552261
The post Security Bulletin: SQL injection vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4479) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2uCC3s2
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.