Security Bypass in IBM Business Process Manager and Workflow Products
CVE-2020-4446

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Business Process Manager Standard; Business Automation Workflow
Vendor: CVE Published:; 6 May 2020

Summary

IBM Business Process Manager versions 8.0, 8.5, and 8.6, along with IBM Business Automation Workflow versions 18.0 and 19.0, are susceptible to a vulnerability that permits remote attackers to bypass security restrictions. This issue arises from inadequate authorization checks, which could enable unauthorized individuals to exploit the affected products and access sensitive information. Prompt remediation is crucial to secure these systems and maintain data integrity.

Affected Version(s)

Business Automation Workflow 18.0.0.0

Business Automation Workflow 19.0.0.1

Business Process Manager Standard 8.5.5

References

https://www.ibm.com/support/pages/node/6205805

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/181126

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 6, 2020
Vulnerability Reserved
Dec 30, 2019