Information Disclosure Vulnerability in IBM Business Process Manager
CVE-2020-4532
5.3MEDIUM
Summary
IBM Business Automation Workflow and IBM Business Process Manager possess a vulnerability that may allow a remote attacker to access sensitive information through detailed technical error messages displayed in the browser. This leaked information could be leveraged for subsequent attacks on the system, posing a significant risk to security.
Affected Version(s)
Business Process Manager Express 8.6
Business Process Manager Express 8.5.7.CF201706
Business Process Manager Express 8.5.7.CF201703
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved