SQL Injection Vulnerability in IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1

SQL Injection Vulnerability in IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1

CVE-2018-1674 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.