Information Disclosure in IBM Business Automation Workflow and Process Manager
CVE-2021-29751
3.1LOW
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 28 June 2021
Summary
An authenticated user in nondefault configurations of IBM Business Automation Workflow and IBM Business Process Manager can gain access to sensitive information regarding other users. This vulnerability presents a risk where privacy and data security could be compromised, allowing unauthorized access to personal data and sensitive user information.
Affected Version(s)
Business Automation Workflow 18.0
Business Automation Workflow 19.0
Business Automation Workflow 20.0
References
CVSS V3.1
Score:
3.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved