Security Bypass in IBM Business Process Manager and Workflow Products
CVE-2020-4446
4.3MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 6 May 2020
Summary
IBM Business Process Manager versions 8.0, 8.5, and 8.6, along with IBM Business Automation Workflow versions 18.0 and 19.0, are susceptible to a vulnerability that permits remote attackers to bypass security restrictions. This issue arises from inadequate authorization checks, which could enable unauthorized individuals to exploit the affected products and access sensitive information. Prompt remediation is crucial to secure these systems and maintain data integrity.
Affected Version(s)
Business Automation Workflow 18.0.0.0
Business Automation Workflow 19.0.0.1
Business Process Manager Standard 8.5.5
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved