Business Automation Workflow
CVE-2021-29751
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779.
AnalysisAI
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779. Affected products include: Ibm Business Automation Workflow, Ibm Business Process Manager.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Business Automation Workflow
View allIBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. Rated high s
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External E
IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log file
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a pr
IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. Rated medium severity
IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote atta
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVS
IBM Business Automation Workflow 18. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no au
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive informat
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today