Lucene search

IBMF6E75D52FE8DC970973B904827384D9849FBE66ECDA35966C1B96A8056F7EBE2

HistorySep 14, 2022 - 3:02 p.m.

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2019-4279)

2022-09-1415:02:20

www.ibm.com

ibm websphere application server

security vulnerability

cve-2019-4279

ibm business automation workflow

ibm business process manager

remote code execution

affected products

installation instructions

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.176 Low

EPSS

Percentile

96.2%

JSON

Summary

WebSphere Application Server is shipped as a component of IBM Business Automation Workflow and IBM Business Process Manager. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin.

Vulnerability Details

Please consult the security bulletin: Remote code execution in WebSphere Application Server ND (CVE-2019-4279) for vulnerability details and information about fixes.

Affected Products and Versions

- IBM Business Automation Workflow V18.0.0.0 through V19.0.0.1

- IBM Business Process Manager Enterprise Service Bus V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03

- IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03

- IBM Business Process Manager V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06

- IBM Business Process Manager V8.5.6.0 through V8.5.6.0 CF2

- IBM Business Process Manager V8.5.5.0

- IBM Business Process Manager V8.5.0.0 through V8.5.0.2

Note that Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.

For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.

Affected configurations

Vulners

Node

ibmbusiness_automation_workflowMatch18.0.0.0

ibmbusiness_automation_workflowMatch18.0.0.1

ibmbusiness_automation_workflowMatch18.0.0.2

ibmbusiness_automation_workflowMatch19.0.0.1

ibmbusiness_process_managerMatch8.6.0.

ibmbusiness_process_managerMatch201803

ibmbusiness_process_managerMatch8.6.0.

ibmbusiness_process_managerMatch201712

ibmbusiness_process_managerMatch8.6

ibmbusiness_process_managerMatch8.6.0.express

ibmbusiness_process_managerMatch201803express

ibmbusiness_process_managerMatch8.6.0.express

ibmbusiness_process_managerMatch201712express

ibmbusiness_process_managerMatch8.6express

ibmbusiness_process_managerMatch8.5.7.express

ibmbusiness_process_managerMatch201706express

ibmbusiness_process_managerMatch8.5.7.express

ibmbusiness_process_managerMatch201703express

ibmbusiness_process_managerMatch8.5.7.express

ibmbusiness_process_managerMatch201612express

ibmbusiness_process_managerMatch8.5.7.express

ibmbusiness_process_managerMatch201609express

ibmbusiness_process_managerMatch8.5.7.express

ibmbusiness_process_managerMatch201606express

ibmbusiness_process_managerMatch8.5.7express

ibmbusiness_process_managerMatch8.5.6.2express

ibmbusiness_process_managerMatch8.5.6.1express

ibmbusiness_process_managerMatch8.5.6express

ibmbusiness_process_managerMatch8.5.5express

ibmbusiness_process_managerMatch8.5.0.2express

ibmbusiness_process_managerMatch8.5.0.1express

ibmbusiness_process_managerMatch8.5express