First published: Mon Apr 08 2019
IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Business Automation Workflow | =18.0.0.0 | |
IBM Business Automation Workflow | =18.0.0.1 | |
IBM Business Automation Workflow | =18.0.0.2 | |
IBM Business Process Manager | =8.5.5.0 | |
IBM Business Process Manager | =8.5.6.0 | |
IBM Business Process Manager | =8.5.6.0-cf1 | |
IBM Business Process Manager | =8.5.6.0-cf2 | |
IBM Business Process Manager | =8.5.7.0 | |
IBM Business Process Manager | =8.5.7.0-cf2017.06 | |
IBM Business Process Manager | =8.6.0.0 | |
IBM Business Process Manager | =8.6.0.0-cf2018.03 | |
CVE-2018-1997 is a vulnerability in IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 that allows an authenticated attacker to perform a denial of service attack by sending a specially crafted request that exhausts server-side memory.
IBM Business Automation Workflow versions 18.0.0.0, 18.0.0.1, and 18.0.0.2 are affected by CVE-2018-1997.
IBM Business Process Manager versions 8.5.5.0, 8.5.6.0, 8.5.7.0, and 8.6.0.0 are affected by CVE-2018-1997.
The severity of CVE-2018-1997 is medium, with a CVSS score of 6.5.
To fix CVE-2018-1997, apply the patches provided by IBM. Refer to the IBM Security Bulletin for more information.