Vulnerability Details : CVE-2018-1999
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889.
Vulnerability category: Information leak
Products affected by CVE-2018-1999
- IBM » Business Process Manager, versions from 8.0.0.0 (inclusive) up to 8.0.1.3 (inclusive): cpe:2.3:a:ibm:business_process_manager:*:*:*:*:*:*:*:*
- IBM » Business Process Manager, versions from 8.5.0.0 (inclusive) up to 8.5.0.2 (inclusive): cpe:2.3:a:ibm:business_process_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.5.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.5.6.0:cf1:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.5.6.0:cf2:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf2017.06:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_process_manager:8.6.0.0:cf2018.03:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_automation_workflow:18.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_automation_workflow:18.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:business_automation_workflow:18.0.0.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1999
0.05%: probability of exploitation activity in the next 30 days
~17%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1999
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST | |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | IBM Corporation | |
CWE ids for CVE-2018-1999
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1999
- https://www.ibm.com/support/docview.wss?uid=ibm10870502
  IBM Security Bulletin: Information leakage in IBM Business Automation Workflow (CVE-2018-1999) [Patch; Vendor Advisory]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/154889
  IBM Business Automation Workflow information disclosure CVE-2018-1999 Vulnerability Report [Vendor Advisory; VDB Entry]