CVE-2019-4424

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770.

Published: 2019-08-20 20:15
Updated: 2019-10-09 23:50

CVSS Score: 6.4 / 10

| Vendor | Product | Version | URI |
|---|---|---|---|
| IBM | Business Automation Workflow | 18.0.0.0 | `cpe:/a:ibm:business_automation_workflow:18.0.0.0` |
| IBM | Business Automation Workflow | 18.0.0.1 | `cpe:/a:ibm:business_automation_workflow:18.0.0.1` |
| IBM | Business Automation Workflow | 18.0.0.2 | `cpe:/a:ibm:business_automation_workflow:18.0.0.2` |
| IBM | Business Automation Workflow | 19.0.0.1 | `cpe:/a:ibm:business_automation_workflow:19.0.0.1` |
| IBM | Business Process Manager | 7.5.0.0 | `cpe:/a:ibm:business_process_manager:7.5.0.0` |
| IBM | Business Process Manager | 7.5.0.0 | `cpe:/a:ibm:business_process_manager:7.5.0.0::~~advanced~~~` |
| IBM | Business Process Manager | 7.5.0.0 | `cpe:/a:ibm:business_process_manager:7.5.0.0::~~express~~~` |
| IBM | Business Process Manager | 7.5.0.0 | `cpe:/a:ibm:business_process_manager:7.5.0.0::~~standard~~~` |
| IBM | Business Process Manager | 7.5.0.1 | `cpe:/a:ibm:business_process_manager:7.5.0.1` |
| IBM | Business Process Manager | 7.5.0.1 | `cpe:/a:ibm:business_process_manager:7.5.0.1::~~advanced~~~` |
| IBM | Business Process Manager | 7.5.0.1 | `cpe:/a:ibm:business_process_manager:7.5.0.1::~~express~~~` |
| IBM | Business Process Manager | 7.5.0.1 | `cpe:/a:ibm:business_process_manager:7.5.0.1::~~standard~~~` |
| IBM | Business Process Manager | 7.5.1.0 | `cpe:/a:ibm:business_process_manager:7.5.1.0` |
| IBM | Business Process Manager | 7.5.1.0 | `cpe:/a:ibm:business_process_manager:7.5.1.0::~~advanced~~~` |
| IBM | Business Process Manager | 7.5.1.0 | `cpe:/a:ibm:business_process_manager:7.5.1.0::~~express~~~` |
| IBM | Business Process Manager | 7.5.1.0 | `cpe:/a:ibm:business_process_manager:7.5.1.0::~~standard~~~` |
| IBM | Business Process Manager | 7.5.1.1 | `cpe:/a:ibm:business_process_manager:7.5.1.1` |
| IBM | Business Process Manager | 7.5.1.1 | `cpe:/a:ibm:business_process_manager:7.5.1.1::~~advanced~~~` |
| IBM | Business Process Manager | 7.5.1.1 | `cpe:/a:ibm:business_process_manager:7.5.1.1::~~express~~~` |
| IBM | Business Process Manager | 7.5.1.1 | `cpe:/a:ibm:business_process_manager:7.5.1.1::~~standard~~~` |
| IBM | Business Process Manager | 7.5.1.2 | `cpe:/a:ibm:business_process_manager:7.5.1.2` |
| IBM | Business Process Manager | 7.5.1.2 | `cpe:/a:ibm:business_process_manager:7.5.1.2::~~advanced~~~` |
| IBM | Business Process Manager | 7.5.1.2 | `cpe:/a:ibm:business_process_manager:7.5.1.2::~~express~~~` |
| IBM | Business Process Manager | 7.5.1.2 | `cpe:/a:ibm:business_process_manager:7.5.1.2::~~standard~~~` |
| IBM | Business Process Manager | 8.0.0.0 | `cpe:/a:ibm:business_process_manager:8.0.0.0` |
| IBM | Business Process Manager | 8.0.0.0 | `cpe:/a:ibm:business_process_manager:8.0.0.0::~~advanced~~~` |
| IBM | Business Process Manager | 8.0.0.0 | `cpe:/a:ibm:business_process_manager:8.0.0.0::~~express~~~` |
| IBM | Business Process Manager | 8.0.0.0 | `cpe:/a:ibm:business_process_manager:8.0.0.0::~~standard~~~` |
| IBM | Business Process Manager | 8.0.1.0 | `cpe:/a:ibm:business_process_manager:8.0.1.0` |
| IBM | Business Process Manager | 8.0.1.0 | `cpe:/a:ibm:business_process_manager:8.0.1.0::~~advanced~~~` |
| IBM | Business Process Manager | 8.0.1.0 | `cpe:/a:ibm:business_process_manager:8.0.1.0::~~express~~~` |
| IBM | Business Process Manager | 8.0.1.0 | `cpe:/a:ibm:business_process_manager:8.0.1.0::~~standard~~~` |
| IBM | Business Process Manager | 8.0.1.1 | `cpe:/a:ibm:business_process_manager:8.0.1.1` |
| IBM | Business Process Manager | 8.0.1.1 | `cpe:/a:ibm:business_process_manager:8.0.1.1::~~advanced~~~` |
| IBM | Business Process Manager | 8.0.1.1 | `cpe:/a:ibm:business_process_manager:8.0.1.1::~~express~~~` |
| IBM | Business Process Manager | 8.0.1.1 | `cpe:/a:ibm:business_process_manager:8.0.1.1::~~standard~~~` |
| IBM | Business Process Manager | 8.0.1.2 | `cpe:/a:ibm:business_process_manager:8.0.1.2` |
| IBM | Business Process Manager | 8.0.1.2 | `cpe:/a:ibm:business_process_manager:8.0.1.2::~~advanced~~~` |
| IBM | Business Process Manager | 8.0.1.2 | `cpe:/a:ibm:business_process_manager:8.0.1.2::~~express~~~` |
| IBM | Business Process Manager | 8.0.1.2 | `cpe:/a:ibm:business_process_manager:8.0.1.2::~~standard~~~` |
| IBM | Business Process Manager | 8.0.1.3 | `cpe:/a:ibm:business_process_manager:8.0.1.3::~~advanced~~~` |
| IBM | Business Process Manager | 8.0.1.3 | `cpe:/a:ibm:business_process_manager:8.0.1.3::~~express~~~` |
| IBM | Business Process Manager | 8.0.1.3 | `cpe:/a:ibm:business_process_manager:8.0.1.3::~~standard~~~` |
| IBM | Business Process Manager | 8.5.0.0 | `cpe:/a:ibm:business_process_manager:8.5.0.0` |
| IBM | Business Process Manager | 8.5.0.0 | `cpe:/a:ibm:business_process_manager:8.5.0.0::~~advanced~~~` |
| IBM | Business Process Manager | 8.5.0.0 | `cpe:/a:ibm:business_process_manager:8.5.0.0::~~express~~~` |
| IBM | Business Process Manager | 8.5.0.0 | `cpe:/a:ibm:business_process_manager:8.5.0.0::~~standard~~~` |
| IBM | Business Process Manager | 8.5.0.1 | `cpe:/a:ibm:business_process_manager:8.5.0.1` |
| IBM | Business Process Manager | 8.5.0.1 | `cpe:/a:ibm:business_process_manager:8.5.0.1::~~advanced~~~` |
| IBM | Business Process Manager | 8.5.0.1 | `cpe:/a:ibm:business_process_manager:8.5.0.1::~~express~~~` |
| IBM | Business Process Manager | 8.5.0.1 | `cpe:/a:ibm:business_process_manager:8.5.0.1::~~standard~~~` |
| IBM | Business Process Manager | 8.5.0.2 | `cpe:/a:ibm:business_process_manager:8.5.0.2` |
| IBM | Business Process Manager | 8.5.0.2 | `cpe:/a:ibm:business_process_manager:8.5.0.2::~~advanced~~~` |
| IBM | Business Process Manager | 8.5.0.2 | `cpe:/a:ibm:business_process_manager:8.5.0.2::~~express~~~` |
| IBM | Business Process Manager | 8.5.0.2 | `cpe:/a:ibm:business_process_manager:8.5.0.2::~~standard~~~` |
| IBM | Business Process Manager | 8.5.5.0 | `cpe:/a:ibm:business_process_manager:8.5.5.0` |
| IBM | Business Process Manager | 8.5.6.0 | `cpe:/a:ibm:business_process_manager:8.5.6.0:-` |
| IBM | Business Process Manager | 8.5.6.0 | `cpe:/a:ibm:business_process_manager:8.5.6.0:cf01` |
| IBM | Business Process Manager | 8.5.6.0 | `cpe:/a:ibm:business_process_manager:8.5.6.0:cf02` |
| IBM | Business Process Manager | 8.5.7.0 | `cpe:/a:ibm:business_process_manager:8.5.7.0:-` |
| IBM | Business Process Manager | 8.5.7.0 | `cpe:/a:ibm:business_process_manager:8.5.7.0:cf2016.06` |
| IBM | Business Process Manager | 8.5.7.0 | `cpe:/a:ibm:business_process_manager:8.5.7.0:cf2016.09` |
| IBM | Business Process Manager | 8.5.7.0 | `cpe:/a:ibm:business_process_manager:8.5.7.0:cf2016.12` |
| IBM | Business Process Manager | 8.5.7.0 | `cpe:/a:ibm:business_process_manager:8.5.7.0:cf2017.03` |
| IBM | Business Process Manager | 8.5.7.0 | `cpe:/a:ibm:business_process_manager:8.5.7.0:cf2017.06` |
| IBM | Business Process Manager | 8.6.0.0 | `cpe:/a:ibm:business_process_manager:8.6.0.0:-:~~-~~~` |
| IBM | Business Process Manager | 8.6.0.0 | `cpe:/a:ibm:business_process_manager:8.6.0.0:cf2017.12:~~-~~~` |
| IBM | Business Process Manager | 8.6.0.0 | `cpe:/a:ibm:business_process_manager:8.6.0.0:cf2018.03:~~-~~~` |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-611 | Improper Restriction of XML External Entity Reference ('XXE') | The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. |

History of changes

| Date | Event |
|---|---|
| 2019-08-26 15:59 | |
| 2019-08-20 21:15 | New CVE |