CVE-2021-29751

LOW3.1

Description

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779.

CVSS breakdown

CVSS 3.0

Confidentiality

Low

User Interaction

None

Scope

Unchanged

Attack Vector

Network

Privileges Required

Low

Integrity

None

Attack Complexity

High

Availability

None

Unchanged

Changed

Affected products

ibm / business_automation_workflow19.0 – 19.0
ibm / business_automation_workflow18.0 – 18.0
ibm / business_automation_workflow20.0 – 20.0
ibm / Business Process Manager8.5 – 8.5
ibm / Business Process Manager8.6 – 8.6
ibm / Cloud Pak for Automation21.0.1 – 21.0.1
ibm / Cloud Pak for Automation20.0.3.IF002 – 20.0.3.IF002

References

MISChttps://www.ibm.com/support/pages/node/6465127
MISChttps://www.ibm.com/support/pages/node/6467055
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/201779