7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
IBM Business Automation Workflow has addressed the following security vulnerabilities with the embedded Content Navigator. For more information, refer to the X-Force database entries referred to below.
CVEID: CVE-2019-4263 DESCRIPTION: IBM Content Navigator is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160015> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2019-10086 DESCRIPTION: Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader.
CVSS Base Score: 5.3
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/166353> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2019-12402 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an error in the internal file name encoding algorithm. By persuading a victim to open specially crafted ZIP archive containing malicious input, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 4.3
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/165956> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
IBM Business Automation Workflow V18.0.0.1 through V19.0.0.2
Note: CVE-2019-4263 does not affect IBM Business Automation Workflow V19.0.0.2 or later.
Install interim fix JR61368 as appropriate for your current IBM Business Automation Workflow.
For IBM Business Automation Workflow V18.0.0.1 - V19.0.0.2
· Upgrade to at least IBM Business Automation Workflow V18.0.0.1 as required by iFix and then apply iFix JR61368
--OR–
· Apply cumulative fix IBM Business Automation Workflow V19.0.0.3 (latest recommended)
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm business automation workflow | eq | any |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P