Lucene search

IbmCVE-2020-4531

HistorySep 25, 2020 - 5:15 p.m.

CVE-2020-4531

2020-09-2517:15:13

CWE-252

ibm

web.nvd.nist.gov

ibm

business automation workflow

business process manager

remote attack

sensitive information

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

42.1%

JSON

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715.

Affected configurations

Nvd

Vulners

Node

ibmbusiness_automation_workflowMatch18.0.0.0

ibmbusiness_automation_workflowMatch19.0.0.0

ibmbusiness_automation_workflowMatch20.0.0.0

ibmbusiness_process_managerMatch8.0.0.0

ibmbusiness_process_managerMatch8.5.0.0

ibmbusiness_process_managerMatch8.6.0.0--

VendorProductVersionCPE
ibmbusiness_automation_workflow18.0.0.0cpe:2.3:a:ibm:business_automation_workflow:18.0.0.0:*:*:*:*:*:*:*
ibmbusiness_automation_workflow19.0.0.0cpe:2.3:a:ibm:business_automation_workflow:19.0.0.0:*:*:*:*:*:*:*
ibmbusiness_automation_workflow20.0.0.0cpe:2.3:a:ibm:business_automation_workflow:20.0.0.0:*:*:*:*:*:*:*
ibmbusiness_process_manager8.0.0.0cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:*:*:*:*
ibmbusiness_process_manager8.5.0.0cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*
ibmbusiness_process_manager8.6.0.0cpe:2.3:a:ibm:business_process_manager:8.6.0.0:-:*:*:-:*:*:*

Vendor	Product	Version	CPE
ibm	business_automation_workflow	18.0.0.0	cpe:2.3:a:ibm:business_automation_workflow:18.0.0.0:::::::*
ibm	business_automation_workflow	19.0.0.0	cpe:2.3:a:ibm:business_automation_workflow:19.0.0.0:::::::*
ibm	business_automation_workflow	20.0.0.0	cpe:2.3:a:ibm:business_automation_workflow:20.0.0.0:::::::*
ibm	business_process_manager	8.0.0.0	cpe:2.3:a:ibm:business_process_manager:8.0.0.0:::::::*
ibm	business_process_manager	8.5.0.0	cpe:2.3:a:ibm:business_process_manager:8.5.0.0:::::::*
ibm	business_process_manager	8.6.0.0	cpe:2.3:a:ibm:business_process_manager:8.6.0.0:-:::-:::*

CNA Affected

[
  {
    "product": "Business Automation Workflow",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "18.0"
      },
      {
        "status": "affected",
        "version": "19.0"
      },
      {
        "status": "affected",
        "version": "20.0"
      }
    ]
  },
  {
    "product": "Business Process Manager",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.0"
      },
      {
        "status": "affected",
        "version": "8.5"
      },
      {
        "status": "affected",
        "version": "8.6"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/182715

www.ibm.com/support/pages/node/6336935

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

42.1%

JSON

Related for CVE-2020-4531