Description
IBM Business Automation Workflow 18, 19, 20, 21, and IBM Business Process Manager 8.5 and 8.6 transmit or store authentication credentials, but use an insecure method that is susceptible to unauthorized interception and/or retrieval.
CVSS breakdown
CVSS 3.0
- Privileges Required: None
- Confidentiality: High
- Scope: Unchanged
- Attack Vector: Network
- User Interaction: None
- Availability: None
- Attack Complexity: High
- Integrity: None
- RC: Changed
- RL: O
- E: Unchanged
Affected products
- ibm / business_automation_workflow 18.0 – 18.0
- ibm / business_automation_workflow 19.0 – 19.0
- ibm / business_automation_workflow 20.0 – 20.0
- ibm / business_automation_workflow 21.0 – 21.0
- ibm / Business Process Manager 8.5 – 8.5
- ibm / Business Process Manager 8.6 – 8.6