What is the severity of CVE-2021-39046?

The severity of CVE-2021-39046 is medium with a severity value of 4.9.

How does CVE-2021-39046 impact user credentials?

CVE-2021-39046 allows a privileged user to read user credentials stored in plain clear text.

What is the Common Weakness Enumeration (CWE) of CVE-2021-39046?

The Common Weakness Enumeration (CWE) of CVE-2021-39046 is CWE-522.

Where can I find more information about CVE-2021-39046?

You can find more information about CVE-2021-39046 on the IBM X-Force Exchange website and the IBM support pages.

Vulnerability/
CVE-2021-39046

medium

4.9

CWE

522

17/3/2022

18/3/2022

16/9/2024

CVE-2021-39046

First published: Thu Mar 17 2022(Updated: )

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Business Automation Workflow	=18.0.0.0
IBM Business Automation Workflow	=18.0.0.1
IBM Business Automation Workflow	=18.0.0.2
IBM Business Automation Workflow	=19.0.0.1
IBM Business Automation Workflow	=19.0.0.2
IBM Business Automation Workflow	=19.0.0.3
IBM Business Automation Workflow	=20.0.0.1
IBM Business Automation Workflow	=20.0.0.2
IBM Business Automation Workflow	=21.0.2
IBM Business Process Manager	=8.5
IBM Business Process Manager	=8.6
	<=V21.0V20.0V19.0V18.0
	<=V8.6V8.5

Remedy

https://www.ibm.com/support/pages/node/6564387

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6564387

Frequently Asked Questions

What is the severity of CVE-2021-39046?
The severity of CVE-2021-39046 is medium with a severity value of 4.9.
Which IBM products are affected by CVE-2021-39046?
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 are affected by CVE-2021-39046.
How does CVE-2021-39046 impact user credentials?
CVE-2021-39046 allows a privileged user to read user credentials stored in plain clear text.
What is the Common Weakness Enumeration (CWE) of CVE-2021-39046?
The Common Weakness Enumeration (CWE) of CVE-2021-39046 is CWE-522.
Where can I find more information about CVE-2021-39046?
You can find more information about CVE-2021-39046 on the IBM X-Force Exchange website and the IBM support pages.

collector/nvd-index
agent/references
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/author
agent/weakness
agent/remedy
agent/softwarecombine
agent/tags
agent/description
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm business automation workflow
version/ibm business automation workflow/18.0.0.0
version/ibm business automation workflow/18.0.0.1
version/ibm business automation workflow/18.0.0.2
version/ibm business automation workflow/19.0.0.1
version/ibm business automation workflow/19.0.0.2
version/ibm business automation workflow/19.0.0.3
version/ibm business automation workflow/20.0.0.1
version/ibm business automation workflow/20.0.0.2
version/ibm business automation workflow/21.0.2
canonical/ibm business process manager
version/ibm business process manager/8.5
version/ibm business process manager/8.6
version/ibm business automation workflow/v21.0v20.0v19.0v18.0
version/ibm business process manager/v8.6v8.5