History: Sep 14, 2022 - 3:02 p.m.

Security Bulletin: CVE-2019-2989 vulnerability in IBM Java Runtime affects IBM Integration Designer used in IBM Business Automation Workflow and IBM Business Process Manager

2022-09-14 15:02:20
www.ibm.com
ibm
java runtime
vulnerability
integration designer
business automation workflow
business process manager
cve-2019-2989
ibm sdk
oracle cpu
interim fix.

CVSS2: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

EPSS: 0.004 Low
Percentile: 73.5%

Summary

A vulnerability exists in IBM® Runtime Environment Java™ Versions 7 and 8 used by IBM Integration Designer. IBM Integration Designer has addressed the applicable CVE.

Vulnerability Details

**CVEID:** CVE-2019-2989
**DESCRIPTION:** An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169295 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)

Affected Products and Versions

| Affected Products | Versions |
| --- | --- |
| Business Automation Workflow | V8.5.7 |
| Business Automation Workflow | V19.0.0.2 |

Remediation/Fixes

This fix resolves the IBM SDK for JAVA CPU October 2019 issues, including Oracle October 2019 CPU.

Install interim fix JR61784 for your version:

IBM Integration Designer V19.0.0.2

IBM Integration Designer V8.5.7

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibm business_process_manager Match 8.5.0
OR
ibm business_process_manager Match 8.5.7
OR
ibm business_process_manager Match 2017.06
OR
ibm business_process_manager Match 8.6
OR
ibm business_process_manager Match 2018.03
