Information Disclosure in IBM Business Automation Workflow and IBM Business Process Manager
CVE-2020-4531

5.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
25 September 2020

Summary

IBM Business Automation Workflow and IBM Business Process Manager contain a vulnerability that may allow remote attackers to access sensitive information. This is achieved when the system returns detailed technical error messages in the browser, potentially revealing information that can be exploited in further attacks. Ensuring that error messages do not expose sensitive data is crucial to maintaining the integrity and security of the system.

Affected Version(s)

Business Automation Workflow 18.0

Business Automation Workflow 19.0

Business Automation Workflow 20.0

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.