CVE-2019-4425

moderate-risk

Published 2019-08-20

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771.

Do I need to act?

-

0.26% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

5

CVSS 5.7/10 Medium

NETWORK / LOW complexity

Affected Products (15)

Business Automation Workflow

Business Process Manager

Business Process Manager

Business Process Manager

Business Process Manager

Business Process Manager

Business Process Manager

Business Process Manager

Business Process Manager

Business Process Manager

Business Process Manager

Business Process Manager

Business Process Manager

Business Process Manager

Business Process Manager

Affected Vendors

Ibm

References (4)

Broken Link https://exchange.xforce.ibmcloud.com/vulnerabilities/162771

Vendor Advisory https://www.ibm.com/support/docview.wss?uid=ibm10959261

Broken Link https://exchange.xforce.ibmcloud.com/vulnerabilities/162771

Vendor Advisory https://www.ibm.com/support/docview.wss?uid=ibm10959261

41

/ 100

moderate-risk

Severity 22/34 · High

Exploitability 1/34 · Minimal

Exposure 18/34 · Moderate