CVE-2019-4424

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770.

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/162770	VDB Entry Vendor Advisory
https://www.ibm.com/support/docview.wss?uid=ibm10959537	Vendor Advisory

Configuration 1

cpe:2.3:a:ibm:business_process_manager:8.5.5.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf2016.12:*:*:*:*:*:* cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf2017.06:*:*:*:*:*:* cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf2017.03:*:*:*:*:*:* cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf2016.09:*:*:*:*:*:* cpe:2.3:a:ibm:business_process_manager:8.5.7.0:cf2016.06:*:*:*:*:*:* cpe:2.3:a:ibm:business_process_manager:*:*:*:*:*:*:*:* cpe:2.3:a:ibm:business_process_manager:*:*:*:*:*:*:*:* cpe:2.3:a:ibm:business_process_manager:*:*:*:*:*:*:*:* cpe:2.3:a:ibm:business_process_manager:8.5.7.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:business_process_manager:8.5.6.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:*:*:*:* cpe:2.3:a:ibm:business_process_manager:8.6.0.0:-:*:*:-:*:*:* cpe:2.3:a:ibm:business_process_manager:8.5.6.0:cf01:*:*:*:*:*:* cpe:2.3:a:ibm:business_process_manager:8.5.6.0:cf02:*:*:*:*:*:* cpe:2.3:a:ibm:business_process_manager:8.6.0.0:cf2017.12:*:*:-:*:*:* cpe:2.3:a:ibm:business_process_manager:8.6.0.0:cf2018.03:*:*:-:*:*:*

---

Published : 2019-08-20 08:15

Updated : 2022-12-02 10:33

---

NVD link : CVE-2019-4424

Mitre link : CVE-2019-4424

No products.

CWE-611

Improper Restriction of XML External Entity Reference