CVE-2018-1885: Infoleak
First published: Mon Apr 08 2019(Updated: )
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. IBM X-Force ID: 152020.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Business Automation Workflow | =18.0.0.0 | |
| IBM Business Automation Workflow | =18.0.0.1 | |
| IBM Business Automation Workflow | =18.0.0.2 | |
| IBM Business Process Manager | >=7.5.0.0<=7.5.1.2 | |
| IBM Business Process Manager | >=8.0.0.0<=8.0.1.3 | |
| IBM Business Process Manager | >=8.5.0.0<=8.5.0.2 | |
| IBM Business Process Manager | =8.5.5.0 | |
| IBM Business Process Manager | =8.5.6.0 | |
| IBM Business Process Manager | =8.5.6.0-cf1 | |
| IBM Business Process Manager | =8.5.6.0-cf2 | |
| IBM Business Process Manager | =8.5.7.0 | |
| IBM Business Process Manager | =8.5.7.0-cf2017.06 | |
| IBM Business Process Manager | =8.6.0.0 | |
| IBM Business Process Manager | =8.6.0.0-cf2018.03 | |
| Ibm Business Process Manager Enterprise Service Bus | =8.6 | |
| Ibm Websphere Enterprise Service Bus | >=7.0.0.0<=7.5.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-1885?
The severity of CVE-2018-1885 is medium with a CVSS score of 5.3.
How can an attacker exploit CVE-2018-1885?
An unauthenticated attacker can exploit CVE-2018-1885 by sending a specially crafted HTTP request to obtain sensitive information.
Which versions of IBM Business Automation Workflow are affected by CVE-2018-1885?
IBM Business Automation Workflow versions 18.0.0.0, 18.0.0.1, and 18.0.0.2 are affected by CVE-2018-1885.
What is the CWE category of CVE-2018-1885?
CVE-2018-1885 belongs to the CWE category 200 (Information Exposure).
Where can I find more information about CVE-2018-1885?
You can find more information about CVE-2018-1885 at the following references: [1] [2] [3]
- collector/nvd-index
- vendor/ibm
- canonical/ibm business automation workflow
- version/ibm business automation workflow/18.0.0.0
- version/ibm business automation workflow/18.0.0.1
- version/ibm business automation workflow/18.0.0.2
- canonical/ibm business process manager
- version/ibm business process manager/7.5.0.0
- version/ibm business process manager/7.5.1.2
- version/ibm business process manager/8.0.0.0
- version/ibm business process manager/8.0.1.3
- version/ibm business process manager/8.5.0.0
- version/ibm business process manager/8.5.0.2
- version/ibm business process manager/8.5.5.0
- version/ibm business process manager/8.5.6.0
- version/ibm business process manager/8.5.6.0-cf1
- version/ibm business process manager/8.5.6.0-cf2
- version/ibm business process manager/8.5.7.0
- version/ibm business process manager/8.5.7.0-cf2017.06
- version/ibm business process manager/8.6.0.0
- version/ibm business process manager/8.6.0.0-cf2018.03
- canonical/ibm business process manager enterprise service bus
- version/ibm business process manager enterprise service bus/8.6
- canonical/ibm websphere enterprise service bus
- version/ibm websphere enterprise service bus/7.0.0.0
- version/ibm websphere enterprise service bus/7.5.1.2