Description
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607.
CVSS breakdown
CVSS 3.0
Availability
None
Attack Vector
Network
Attack Complexity
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Privileges Required
High
Integrity
None
RC
Changed
E
Unchanged
RL
O
Affected products
- ibm / business_automation_workflow18.0.0.0 – 18.0.0.0
- ibm / business_automation_workflow18.0.0.1 – 18.0.0.1
- ibm / business_automation_workflow18.0.0.2 – 18.0.0.2
- ibm / business_automation_workflow19.0.0.1 – 19.0.0.1
- ibm / business_automation_workflow19.0.0.2 – 19.0.0.2
- ibm / business_automation_workflow19.0.0.3 – 19.0.0.3
- ibm / business_automation_workflow20.0.0.1 – 20.0.0.1
- ibm / business_automation_workflow20.0.0.2 – 20.0.0.2
- ibm / business_automation_workflow21.0.2 – 21.0.2
- ibm / Cloud Pak for Automation21.0.2 – 21.0.2