CVE-2019-4669: SQL Injection
First published: Wed Feb 12 2020(Updated: )
IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Business Process Manager | =8.5.7.0 | |
| IBM Business Process Manager | =8.5.7.0-cf201606 | |
| IBM Business Process Manager | =8.5.7.0-cf201609 | |
| IBM Business Process Manager | =8.5.7.0-cf201612 | |
| IBM Business Process Manager | =8.5.7.0-cf201703 | |
| IBM Business Process Manager | =8.5.7.0-cf201706 | |
| IBM Business Process Manager | =8.6.0.0 | |
| IBM Business Process Manager | =8.6.0.0-cf2017.1 | |
| IBM Business Process Manager | =8.6.0.0-cf2018.03 | |
| IBM Business Automation Workflow | >=18.0.0.1<=19.0.0.3 | |
| IBM Business Process Manager | <=8.5.7.0 - 8.5.7.0 2017.06 | |
| IBM Business Process Manager | <=8.6.0.0 - 8.6.0.0 CF2018.03 | |
| IBM Business Automation Workflow | <=18.0.0.1 - 19.0.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID CVE-2019-4669?
The vulnerability ID CVE-2019-4669 refers to a SQL injection vulnerability in IBM Business Process Manager and IBM Business Automation Workflow.
How can a remote attacker exploit CVE-2019-4669?
A remote attacker can exploit CVE-2019-4669 by sending specially-crafted SQL statements to the vulnerable system.
What is the severity of CVE-2019-4669?
The severity of CVE-2019-4669 is medium with a CVSS score of 6.3.
Which versions of IBM Business Process Manager are affected by CVE-2019-4669?
IBM Business Process Manager versions 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow versions 18.0.0.1 through 19.0.0.3 are affected by CVE-2019-4669.
How can I fix CVE-2019-4669?
To fix CVE-2019-4669, users should apply the necessary security patches provided by IBM.
- collector/nvd-index
- collector/ibm-support
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/weakness
- agent/tags
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/ibm
- canonical/ibm business process manager
- version/ibm business process manager/8.5.7.0
- version/ibm business process manager/8.5.7.0-cf201606
- version/ibm business process manager/8.5.7.0-cf201609
- version/ibm business process manager/8.5.7.0-cf201612
- version/ibm business process manager/8.5.7.0-cf201703
- version/ibm business process manager/8.5.7.0-cf201706
- version/ibm business process manager/8.6.0.0
- version/ibm business process manager/8.6.0.0-cf2017.1
- version/ibm business process manager/8.6.0.0-cf2018.03
- canonical/ibm business automation workflow
- version/ibm business automation workflow/18.0.0.1
- version/ibm business automation workflow/19.0.0.3
- version/ibm business process manager/8.5.7.0 - 8.5.7.0 2017.06
- version/ibm business process manager/8.6.0.0 - 8.6.0.0 cf2018.03
- version/ibm business automation workflow/18.0.0.1 - 19.0.0.3