Security Bypass in IBM Business Process Manager and Workflow Products
CVE-2020-4446

4.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
6 May 2020

Summary

IBM Business Process Manager versions 8.0, 8.5, and 8.6, along with IBM Business Automation Workflow versions 18.0 and 19.0, are susceptible to a vulnerability that permits remote attackers to bypass security restrictions. This issue arises from inadequate authorization checks, which could enable unauthorized individuals to exploit the affected products and access sensitive information. Prompt remediation is crucial to secure these systems and maintain data integrity.

Affected Version(s)

Business Automation Workflow 18.0.0.0

Business Automation Workflow 19.0.0.1

Business Process Manager Standard 8.5.5

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.