Medium Severity

Security Bulletin: SQL injection vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4479)

IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

Affected product(s) and affected version(s):

Affected Product(s)              | Version(s)
IBM Business Process Manager     | 8.5.7.0 – 8.5.7.0 2017.06
IBM Business Process Manager     | 8.6.0.0 – 8.6.0.0 CF2018.03
IBM Business Automation Workflow | 18.0.0.1 – 19.0.0.3

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/3552261
