CVE-2018-1999

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
ibmCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/S:U/UI:N/AC:L/C:L/PR:L/A:N/I:N/RC:C/E:U/RL:O
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
VendorProductVersion
ibmbusiness_automation_workflow
18.0.0.0
ibmbusiness_automation_workflow
18.0.0.1
ibmbusiness_automation_workflow
18.0.0.2
ibmbusiness_process_manager
8.0.0.0 ≤
𝑥
≤ 8.0.1.3
ibmbusiness_process_manager
8.5.0.0 ≤
𝑥
≤ 8.5.0.2
ibmbusiness_process_manager
8.5.5.0
ibmbusiness_process_manager
8.5.6.0
ibmbusiness_process_manager
8.5.6.0:cf1
ibmbusiness_process_manager
8.5.6.0:cf2
ibmbusiness_process_manager
8.5.7.0
ibmbusiness_process_manager
8.5.7.0:cf2017.06
ibmbusiness_process_manager
8.6.0.0
ibmbusiness_process_manager
8.6.0.0:cf2018.03
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/154889
https://www.ibm.com/support/docview.wss?uid=ibm10870502
https://exchange.xforce.ibmcloud.com/vulnerabilities/154889
https://www.ibm.com/support/docview.wss?uid=ibm10870502