First published: Thu Sep 24 2020(Updated: )
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Business Automation Workflow | <=V20.0V19.0 V18.0 | |
IBM Business Process Manager | <=V8.6V8.5 V8.0 | |
IBM Business Automation Workflow | =18.0.0.0 | |
IBM Business Automation Workflow | =19.0.0.0 | |
IBM Business Automation Workflow | =20.0.0.0 | |
IBM Business Process Manager | =8.0.0.0 | |
IBM Business Process Manager | =8.5.0.0 | |
IBM Business Process Manager | =8.6.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-4531 is a vulnerability in IBM Business Automation Workflow and IBM Business Process Manager that allows a remote attacker to obtain sensitive information.
CVE-2020-4531 impacts IBM Business Automation Workflow versions 18.0, 19.0, and 20.0 by allowing a remote attacker to obtain sensitive information.
CVE-2020-4531 impacts IBM Business Process Manager versions 8.0, 8.5, and 8.6 by allowing a remote attacker to obtain sensitive information.
CVE-2020-4531 has a severity level of 5.3 (Medium).
To fix CVE-2020-4531, IBM recommends applying the necessary patches and updates provided by IBM to the affected software versions.