CVE-2021-29751

EUVD-2021-16225
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
ibmCNA
3.1 LOW
NETWORK
HIGH
LOW
CVSS:3.0/C:L/UI:N/S:U/AV:N/PR:L/I:N/AC:H/A:N/E:U/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
ibmbusiness_automation_workflow
18.0.0.0
ibmbusiness_automation_workflow
19.0.0.0
ibmbusiness_automation_workflow
20.0.0.0
ibmbusiness_process_manager
8.5.0.0
ibmbusiness_process_manager
8.6.0.0
𝑥
= Vulnerable software versions
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/201779
https://www.ibm.com/support/pages/node/6465127
https://www.ibm.com/support/pages/node/6467055
https://exchange.xforce.ibmcloud.com/vulnerabilities/201779
https://www.ibm.com/support/pages/node/6465127
https://www.ibm.com/support/pages/node/6467055