- Description
- IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779.
- Source
- psirt@us.ibm.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 3.0
- Type
- Secondary
- Base score
- 3.1
- Impact score
- 1.4
- Exploitability score
- 1.6
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- LOW
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:N/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:18.0.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1D36993-75D4-4EDE-8748-A3FDE4C69DF3"
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:19.0.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90104525-6A11-4A42-8DD8-BFE267FCF306"
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "830D598E-6916-4170-946D-C04411077148"
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "989C89DF-C6CB-45C9-9592-30A83896BD71"
},
{
"criteria": "cpe:2.3:a:ibm:business_process_manager:8.6.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "324A0484-C50D-4400-B6FD-23D793F032AD"
}
],
"operator": "OR"
}
]
}
]