First published: Mon Apr 08 2019
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 152020.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Business Automation Workflow | =18.0.0.0 | |
IBM Business Automation Workflow | =18.0.0.1 | |
IBM Business Automation Workflow | =18.0.0.2 | |
IBM Business Process Manager | >=7.5.0.0<=7.5.1.2 | |
IBM Business Process Manager | >=8.0.0.0<=8.0.1.3 | |
IBM Business Process Manager | >=8.5.0.0<=8.5.0.2 | |
IBM Business Process Manager | =8.5.5.0 | |
IBM Business Process Manager | =8.5.6.0 | |
IBM Business Process Manager | =8.5.6.0-cf1 | |
IBM Business Process Manager | =8.5.6.0-cf2 | |
IBM Business Process Manager | =8.5.7.0 | |
IBM Business Process Manager | =8.5.7.0-cf2017.06 | |
IBM Business Process Manager | =8.6.0.0 | |
IBM Business Process Manager | =8.6.0.0-cf2018.03 | |
IBM Business Process Manager Enterprise Service Bus | =8.6 | |
IBM WebSphere Enterprise Service Bus | >=7.0.0.0<=7.5.1.2 | |
The severity of CVE-2018-1885 is medium with a CVSS score of 5.3.
An unauthenticated attacker can exploit CVE-2018-1885 by sending a specially crafted HTTP request to obtain sensitive information.
IBM Business Automation Workflow versions 18.0.0.0, 18.0.0.1, and 18.0.0.2 are affected by CVE-2018-1885.
CVE-2018-1885 belongs to the CWE category 200 (Information Exposure).
You can find more information about CVE-2018-1885 at the following references: [1] [2] [3]