First published: Tue Jun 16 2020(Updated: )
IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182716.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Business Automation Workflow | =18.0.0.1 | |
IBM Business Automation Workflow | =19.0.0.3 | |
IBM Business Process Manager | >=8.5.5.0<8.5.7.0 | |
IBM Business Process Manager | =8.6.0.0 | |
IBM Business Automation Workflow | <=V19.0.0.3 note that 19.0.0.1 and 19.0.0.2 are NOT affected)V18.0.0.1 | |
IBM Business Process Manager | <=V8.6V8.5 (8.5.5.0 and later) |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-4532 is medium with a CVSS score of 5.3.
IBM Business Automation Workflow versions 18.0.0.1 and 19.0.0.3 are affected by CVE-2020-4532.
IBM Business Process Manager versions 8.5.5, 8.5.6, 8.5.7, and 8.6 are affected by CVE-2020-4532.
A remote attacker can exploit CVE-2020-4532 by obtaining sensitive information when a detailed technical error message is returned in the browser.
For more information on CVE-2020-4532, you can refer to the IBM X-Force Exchange and IBM Support pages.