Improper Access Control in IBM Business Process Manager and Automation Workflow
CVE-2021-38900

4.9MEDIUM

Key Information:

Vendor
IBM
Status
Business Automation Workflow
Cloud Pak For Automation
Vendor
CVE Published:
21 December 2021

Summary

IBM Business Process Manager and IBM Business Automation Workflow are affected by an issue that allows privileged users to bypass access controls and potentially gain access to sensitive information. This vulnerability stems from inadequate enforcement of access permissions, which could expose critical data to unauthorized users. Organizations utilizing these products should review their security configurations and implement available patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

Business Automation Workflow 18.0.0.0

Business Automation Workflow 18.0.0.1

Business Automation Workflow 18.0.0.2

References

https://www.ibm.com/support/pages/node/6527776
x_refsource_CONFIRM
https://www.ibm.com/support/pages/node/6528296
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/209607
vdb-entryx_refsource_XF

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.