First published: Mon Nov 29 2021(Updated: )
IBM Business Automation Workflow could allow a privileged user to obtain highly sensitive information due to improper access controls.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM ICP4A - Workflow Process Services | <=V21.0.2 | |
IBM Business Automation Workflow | =18.0.0.0 | |
IBM Business Automation Workflow | =18.0.0.1 | |
IBM Business Automation Workflow | =18.0.0.2 | |
IBM Business Automation Workflow | =19.0.0.0 | |
IBM Business Automation Workflow | =19.0.0.1 | |
IBM Business Automation Workflow | =20.0.0.0 | |
IBM Business Automation Workflow | =21.0.0.0 | |
IBM Business Process Manager | =8.5.0.0 | |
IBM Business Process Manager | =8.6.0.0 | |
Ibm Workflow Process Service | =21.0.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2021-38900.
The severity of CVE-2021-38900 is medium.
IBM Business Process Manager 8.5 and 8.6, IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0, and IBM ICP4A - Workflow Process Services versions up to 21.0.2 are affected by CVE-2021-38900.
A privileged user can obtain highly sensitive information due to improper access controls with CVE-2021-38900.
You can find more information about CVE-2021-38900 on the IBM X-Force ID page or the IBM support pages.