CVE-2020-4794

IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
ibmCNA
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/A:L/I:N/C:L/AC:L/PR:L/S:U/AV:N/UI:N/RC:C/E:U/RL:O
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
ibmautomation_workstream_services
19.0.3
ibmautomation_workstream_services
20.0.1
ibmautomation_workstream_services
20.0.2
ibmbusiness_process_manager
8.0.0.0
ibmbusiness_process_manager
8.0.0.0
ibmbusiness_process_manager
8.0.1.0
ibmbusiness_process_manager
8.0.1.0
ibmbusiness_process_manager
8.0.1.1
ibmbusiness_process_manager
8.0.1.1
ibmbusiness_process_manager
8.0.1.2
ibmbusiness_process_manager
8.0.1.2
ibmbusiness_process_manager
8.0.1.3
ibmbusiness_process_manager
8.0.1.3
ibmbusiness_process_manager
8.5.0.0
ibmbusiness_process_manager
8.5.0.0
ibmbusiness_process_manager
8.5.0.1
ibmbusiness_process_manager
8.5.0.1
ibmbusiness_process_manager
8.5.0.2
ibmbusiness_process_manager
8.5.0.2
ibmbusiness_process_manager
8.5.5.0
ibmbusiness_process_manager
8.5.5.0
ibmbusiness_process_manager
8.5.6.0
ibmbusiness_process_manager
8.5.6.0
ibmbusiness_process_manager
8.5.6.1
ibmbusiness_process_manager
8.5.6.1
ibmbusiness_process_manager
8.5.6.2
ibmbusiness_process_manager
8.5.6.2
ibmbusiness_process_manager
8.5.7.0
ibmbusiness_process_manager
8.5.7.0
ibmbusiness_process_manager
8.5.7.0:cf201606
ibmbusiness_process_manager
8.5.7.0:cf201606
ibmbusiness_process_manager
8.5.7.0:cf201609
ibmbusiness_process_manager
8.5.7.0:cf201609
ibmbusiness_process_manager
8.5.7.0:cf201612
ibmbusiness_process_manager
8.5.7.0:cf201612
ibmbusiness_process_manager
8.5.7.0:cf201703
ibmbusiness_process_manager
8.5.7.0:cf201703
ibmbusiness_process_manager
8.5.7.0:cf201706
ibmbusiness_process_manager
8.5.7.0:cf201706
ibmbusiness_process_manager
8.6
ibmbusiness_process_manager
8.6
ibmbusiness_automation_workflow
18.0.0.0
ibmbusiness_automation_workflow
18.0.0.1
ibmbusiness_automation_workflow
18.0.0.2
ibmbusiness_automation_workflow
19.0.0.0
ibmbusiness_automation_workflow
19.0.0.1
ibmbusiness_automation_workflow
19.0.0.2
ibmbusiness_automation_workflow
19.0.0.3
ibmbusiness_automation_workflow
20.0.0.0
ibmbusiness_automation_workflow
20.0.0.1
ibmbusiness_automation_workflow
20.0.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/189445
https://www.ibm.com/support/pages/node/6359463
https://exchange.xforce.ibmcloud.com/vulnerabilities/189445
https://www.ibm.com/support/pages/node/6359463