CVE-2020-4794
MEDIUM WAF: Low
CVSS 5.4
Published: 2020-12-21
CWE-863
IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cause a denial of service due to improper authorization checking. IBM X-Force ID: 189445.
WAF Coverage Analysis
Incorrect Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ibm | automation_workstream_services | 19.0.3 |
| ibm | automation_workstream_services | 20.0.1 |
| ibm | automation_workstream_services | 20.0.2 |
| ibm | business_process_manager | 8.0.0.0 |
| ibm | business_process_manager | 8.0.1.0 |
| ibm | business_process_manager | 8.0.1.1 |
| ibm | business_process_manager | 8.0.1.2 |
References
- exchange.xforce.ibmcloud.com (VDB Entry, Vendor Advisory)
- www.ibm.com (Patch, Vendor Advisory)