Information Disclosure in IBM Business Automation Workflow and Process Manager
CVE-2021-29751

3.1LOW

Key Information:

Vendor
IBM
Status
Business Process Manager
Business Automation Workflow
Cloud Pak For Automation
Vendor
CVE Published:
28 June 2021

Summary

An authenticated user in nondefault configurations of IBM Business Automation Workflow and IBM Business Process Manager can gain access to sensitive information regarding other users. This vulnerability presents a risk where privacy and data security could be compromised, allowing unauthorized access to personal data and sensitive user information.

Affected Version(s)

Business Automation Workflow 18.0

Business Automation Workflow 19.0

Business Automation Workflow 20.0

References

https://www.ibm.com/support/pages/node/6465127
x_refsource_CONFIRM
https://www.ibm.com/support/pages/node/6467055
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/201779
vdb-entryx_refsource_XF

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.