Lucene search

IbmCVE-2020-4794

HistoryDec 21, 2020 - 6:15 p.m.

CVE-2020-4794

2020-12-2118:15:16

CWE-863

ibm

web.nvd.nist.gov

ibm

automation workstream services

business automation workflow

business process manager

cve-2020-4794

security vulnerability

authorization

nvd

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

24.8%

JSON

IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445.

Affected configurations

Nvd

Vulners

Node

ibmautomation_workstream_servicesMatch19.0.3

ibmautomation_workstream_servicesMatch20.0.1

ibmautomation_workstream_servicesMatch20.0.2

ibmbusiness_process_managerMatch8.0.0.0express

ibmbusiness_process_managerMatch8.0.0.0standard

ibmbusiness_process_managerMatch8.0.1.0express

ibmbusiness_process_managerMatch8.0.1.0standard

ibmbusiness_process_managerMatch8.0.1.1express

ibmbusiness_process_managerMatch8.0.1.1standard

ibmbusiness_process_managerMatch8.0.1.2express

ibmbusiness_process_managerMatch8.0.1.2standard

ibmbusiness_process_managerMatch8.0.1.3express

ibmbusiness_process_managerMatch8.0.1.3standard

ibmbusiness_process_managerMatch8.5.0.0express

ibmbusiness_process_managerMatch8.5.0.0standard

ibmbusiness_process_managerMatch8.5.0.1express

ibmbusiness_process_managerMatch8.5.0.1standard

ibmbusiness_process_managerMatch8.5.0.2express

ibmbusiness_process_managerMatch8.5.0.2standard

ibmbusiness_process_managerMatch8.5.5.0express

ibmbusiness_process_managerMatch8.5.5.0standard

ibmbusiness_process_managerMatch8.5.6.0-express

ibmbusiness_process_managerMatch8.5.6.0-standard

ibmbusiness_process_managerMatch8.5.6.1express

ibmbusiness_process_managerMatch8.5.6.1standard

ibmbusiness_process_managerMatch8.5.6.2express

ibmbusiness_process_managerMatch8.5.6.2standard

ibmbusiness_process_managerMatch8.5.7.0express

ibmbusiness_process_managerMatch8.5.7.0standard

ibmbusiness_process_managerMatch8.5.7.0cf201606express

ibmbusiness_process_managerMatch8.5.7.0cf201606standard

ibmbusiness_process_managerMatch8.5.7.0cf201609express

ibmbusiness_process_managerMatch8.5.7.0cf201609standard

ibmbusiness_process_managerMatch8.5.7.0cf201612express

ibmbusiness_process_managerMatch8.5.7.0cf201612standard

ibmbusiness_process_managerMatch8.5.7.0cf201703express

ibmbusiness_process_managerMatch8.5.7.0cf201703standard

ibmbusiness_process_managerMatch8.5.7.0cf201706express

ibmbusiness_process_managerMatch8.5.7.0cf201706standard

ibmbusiness_process_managerMatch8.6express

ibmbusiness_process_managerMatch8.6standard

Node

ibmbusiness_automation_workflowMatch18.0.0.0-

ibmbusiness_automation_workflowMatch18.0.0.1-

ibmbusiness_automation_workflowMatch18.0.0.2-

ibmbusiness_automation_workflowMatch19.0.0.0-

ibmbusiness_automation_workflowMatch19.0.0.1-

ibmbusiness_automation_workflowMatch19.0.0.2-

ibmbusiness_automation_workflowMatch19.0.0.3-

ibmbusiness_automation_workflowMatch20.0.0.0docker

ibmbusiness_automation_workflowMatch20.0.0.1-

ibmbusiness_automation_workflowMatch20.0.2.0-

VendorProductVersionCPE
ibmautomation_workstream_services19.0.3cpe:2.3:a:ibm:automation_workstream_services:19.0.3:*:*:*:*:*:*:*
ibmautomation_workstream_services20.0.1cpe:2.3:a:ibm:automation_workstream_services:20.0.1:*:*:*:*:*:*:*
ibmautomation_workstream_services20.0.2cpe:2.3:a:ibm:automation_workstream_services:20.0.2:*:*:*:*:*:*:*
ibmbusiness_process_manager8.0.0.0cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:express:*:*:*
ibmbusiness_process_manager8.0.0.0cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:standard:*:*:*
ibmbusiness_process_manager8.0.1.0cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:express:*:*:*
ibmbusiness_process_manager8.0.1.0cpe:2.3:a:ibm:business_process_manager:8.0.1.0:*:*:*:standard:*:*:*
ibmbusiness_process_manager8.0.1.1cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:express:*:*:*
ibmbusiness_process_manager8.0.1.1cpe:2.3:a:ibm:business_process_manager:8.0.1.1:*:*:*:standard:*:*:*
ibmbusiness_process_manager8.0.1.2cpe:2.3:a:ibm:business_process_manager:8.0.1.2:*:*:*:express:*:*:*

Vendor	Product	Version	CPE
ibm	automation_workstream_services	19.0.3	cpe:2.3:a:ibm:automation_workstream_services:19.0.3:::::::*
ibm	automation_workstream_services	20.0.1	cpe:2.3:a:ibm:automation_workstream_services:20.0.1:::::::*
ibm	automation_workstream_services	20.0.2	cpe:2.3:a:ibm:automation_workstream_services:20.0.2:::::::*
ibm	business_process_manager	8.0.0.0	cpe:2.3:a:ibm:business_process_manager:8.0.0.0::::express:::
ibm	business_process_manager	8.0.0.0	cpe:2.3:a:ibm:business_process_manager:8.0.0.0::::standard:::
ibm	business_process_manager	8.0.1.0	cpe:2.3:a:ibm:business_process_manager:8.0.1.0::::express:::
ibm	business_process_manager	8.0.1.0	cpe:2.3:a:ibm:business_process_manager:8.0.1.0::::standard:::
ibm	business_process_manager	8.0.1.1	cpe:2.3:a:ibm:business_process_manager:8.0.1.1::::express:::
ibm	business_process_manager	8.0.1.1	cpe:2.3:a:ibm:business_process_manager:8.0.1.1::::standard:::
ibm	business_process_manager	8.0.1.2	cpe:2.3:a:ibm:business_process_manager:8.0.1.2::::express:::

Rows per page:

1-10 of 511

CNA Affected

[
  {
    "product": "Automation Workstream Services",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "19.0.3"
      },
      {
        "status": "affected",
        "version": "20.0.1"
      },
      {
        "status": "affected",
        "version": "20.0.2"
      }
    ]
  },
  {
    "product": "Business Process Manager",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.6"
      }
    ]
  },
  {
    "product": "Business Automation Workflow",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "19.0"
      },
      {
        "status": "affected",
        "version": "20.0"
      },
      {
        "status": "affected",
        "version": "18.0"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/189445

www.ibm.com/support/pages/node/6359463

Social References

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

24.8%

JSON

Related for CVE-2020-4794