Information Disclosure in IBM Business Automation Workflow and IBM Business Process Manager
CVE-2020-4531
5.3MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 25 September 2020
Summary
IBM Business Automation Workflow and IBM Business Process Manager contain a vulnerability that may allow remote attackers to access sensitive information. This is achieved when the system returns detailed technical error messages in the browser, potentially revealing information that can be exploited in further attacks. Ensuring that error messages do not expose sensitive data is crucial to maintaining the integrity and security of the system.
Affected Version(s)
Business Automation Workflow 18.0
Business Automation Workflow 19.0
Business Automation Workflow 20.0
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved