Overview
- Description
- IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779.
- Source
- psirt@us.ibm.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 3.0
- Type
- Secondary
- Base score
- 3.1
- Impact score
- 1.4
- Exploitability score
- 1.6
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- LOW
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:18.0.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1D36993-75D4-4EDE-8748-A3FDE4C69DF3"
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:19.0.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90104525-6A11-4A42-8DD8-BFE267FCF306"
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "830D598E-6916-4170-946D-C04411077148"
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "989C89DF-C6CB-45C9-9592-30A83896BD71"
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.6.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "324A0484-C50D-4400-B6FD-23D793F032AD"
}
],
"operator": "OR"
}
]
}
]