Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM70CFD9CDA515CCC51BDE2658EA4C362008D82917B5DCB470BE7D9B7078096613
HistoryMay 05, 2020 - 4:35 p.m.

Security Bulletin: Information disclosure vulnerability affecting IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4446

2020-05-0516:35:08
www.ibm.com
9

EPSS

0.001

Percentile

32.8%

JSON

Summary

IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to an information disclosure attack.

Vulnerability Details

CVEID:CVE-2020-4446
**DESCRIPTION:**IBM Business Process Manager and IBM Business Automation Workflow could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181126 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Business Automation Workflow V19.0
V18.0
IBM Business Process Manager V8.6
V8.5
V8.0

For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.

Remediation/Fixes

The recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing APAR JR62271 as soon as practical:

For IBM Business Automation Workflow V18.0 and V19.0
ยท Upgrade to minimal cumulative fix levels as required by iFix and then apply iFix JR62271
--ORโ€“
ยท Apply cumulative fix Business Automation Workflow V20.0.0.1 or later (targeted availability 2Q 2020)

For IBM Business Process Manager V8.6
ยท Upgrade to minimal cumulative fix levels as required by iFix and then apply iFix JR62271
--ORโ€“
ยท Upgrade to Business Automation Workflow V20.0.0.1 or later (targeted availability 2Q 2020)

For IBM BPM V8.5
ยท Upgrade to IBM BPM V8.5.7, apply Cumulative Fix 2017.06 and then apply iFix JR62271
--ORโ€“
ยท Upgrade to Business Automation Workflow V20.0.0.1 or later (targeted availability 2Q 2020)

For IBM BPM V8.0
ยท Upgrade to IBM BPM V8.0.1, apply Fix Pack 3 and then apply iFix JR62271
--ORโ€“
ยท Upgrade to Business Automation Workflow V20.0.0.1 or later (targeted availability 2Q 2020)

Workarounds and Mitigations

None

Related

nvd 1
prion 1
cvelist 1
cve 1
nvd
nvd
CVE-2020-4446
2020-05-06 14:15:11
prion
prion
Authorization
2020-05-06 14:15:00
cvelist
cvelist
CVE-2020-4446
2020-05-06 13:45:19
cve
cve
CVE-2020-4446
2020-05-06 14:15:11

EPSS

0.001

Percentile

32.8%

JSON
Related for 70CFD9CDA515CCC51BDE2658EA4C362008D82917B5DCB470BE7D9B7078096613
nvd1prion1cvelist1cve1