Information Disclosure in IBM Business Automation Workflow and Process Manager
CVE-2021-29751

3.1LOW

Key Information:

Summary

An authenticated user in nondefault configurations of IBM Business Automation Workflow and IBM Business Process Manager can gain access to sensitive information regarding other users. This vulnerability presents a risk where privacy and data security could be compromised, allowing unauthorized access to personal data and sensitive user information.

Affected Version(s)

Business Automation Workflow 18.0

Business Automation Workflow 19.0

Business Automation Workflow 20.0

References

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.