Insecure Credential Transmission in IBM Business Automation Workflow and Process Manager
CVE-2021-29753

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Business Process Manager; Business Automation Workflow
Vendor: CVE Published:; 5 November 2021

What is CVE-2021-29753?

A vulnerability exists in IBM Business Automation Workflow and IBM Business Process Manager, where authentication credentials are transmitted or stored using insecure methods. This flaw exposes sensitive information to unauthorized interception and retrieval, increasing the risk of credential theft and potential compromise of secure systems. It is crucial for organizations using these products to implement appropriate security measures to mitigate this vulnerability.

Affected Version(s)

Business Automation Workflow 18.0

Business Automation Workflow 19.0

Business Automation Workflow 20.0

References

https://www.ibm.com/support/pages/node/6513703

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/201919

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 5, 2021
Vulnerability Reserved
Mar 31, 2021