Sep 14, 2022 - 3:02 p.m.

Security Bulletin: CVE-2019-2989 vulnerability in IBM Java Runtime affects IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager

2022-09-14 15:02:20
www.ibm.com
ibm
java runtime
vulnerability
process designer
business automation workflow
business process manager

CVSS2: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

EPSS: 0.004 Low
Percentile: 73.5%

Summary

A vulnerability exists in IBM® Runtime Environment Java™ Versions 6 and 7 used by the desktop version of IBM Process Designer. IBM Process Designer has addressed the applicable CVE.

Vulnerability Details

**CVEID:** CVE-2019-2989
**DESCRIPTION:** An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/169295 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)

Affected Products and Versions

| Affected Products | Versions |
| --- | --- |
| IBM Business Automation Workflow | 18.0.0.0 - 19.0.0.3 |
| IBM Business Process Manager | 8.6.0.0 - 8.6.0.0 CF2018.03 |
| IBM Business Process Manager | 8.5.0.0 - 8.5.7 2017.06 |

Remediation/Fixes

Install interim fix JR61679 for your version:

Workarounds and Mitigations

None

Affected configurations

Vulners Node
ibm business_automation_workflow Match 18.0.0.1
OR
ibm business_automation_workflow Match 19.0.0.3
OR
ibm business_process_manager Match 8.5.0 standard
OR
ibm business_process_manager Match 8.5.7 standard
OR
ibm business_process_manager Match 2017.06 standard
OR
ibm business_process_manager Match 8.5.0 advanced
OR
ibm business_process_manager Match 8.5.7 advanced
OR
ibm business_process_manager Match 2017.06 advanced
OR
ibm business_process_manager Match 8.6 advanced
OR
ibm business_process_manager Match 8.6 advanced
OR
ibm business_process_manager Match 2018.03 advanced
OR
ibm business_process_manager Match 8.5.0 express
OR
ibm business_process_manager Match 8.5.7 express
OR
ibm business_process_manager Match 2017.06 express
OR
ibm business_process_manager Match 8.6 express
OR
ibm business_process_manager Match 8.6 express
OR
ibm business_process_manager Match 2018.03 express
OR
ibm business_process_manager Match 8.6
OR
ibm business_process_manager Match 8.6
OR
ibm business_process_manager Match 2018.03
