CVE-2021-20306
First published: Mon Apr 05 2021(Updated: )
A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow Groups from other projects, despite the user not having access to those projects. The highest threat from this vulnerability is to confidentiality.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Descision Manager | =7.0 | |
| Redhat Jbpm | =7.51.0 | |
| Redhat Process Automation | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this flaw?
The vulnerability ID for this flaw is CVE-2021-20306.
What is the severity rating of CVE-2021-20306?
The severity rating of CVE-2021-20306 is medium, with a value of 4.3.
What is the affected software for CVE-2021-20306?
The affected software for CVE-2021-20306 includes jBPM 7.51.0.Final, Redhat Descision Manager 7.0, Redhat Jbpm 7.51.0, and Redhat Process Automation 7.0.
What is the impact of CVE-2021-20306?
The highest threat from this vulnerability is to confidentiality.
Is there a fix available for CVE-2021-20306?
Yes, a fix is available for CVE-2021-20306. Please refer to the referenced link for more information.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-20306
- vendor/redhat
- canonical/redhat descision manager
- version/redhat descision manager/7.0
- canonical/redhat jbpm
- version/redhat jbpm/7.51.0
- canonical/redhat process automation
- version/redhat process automation/7.0