Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for automation_workstream_services by ibm

    CVE-2020-4794 (GCVE-0-2020-4794)

    Vulnerability from nvd – Published: 2020-12-21 17:50 – Updated: 2024-09-16 18:43
    VLAI
    Summary
    IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445.
    CWE
    • Denial of Service
    Assigner
    ibm
    References
    Impacted products
    Date Public
    2020-12-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:14:58.550Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6359463"
              },
              {
                "name": "ibm-icp4a-cve20204794-input-validation (189445)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189445"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Automation Workstream Services",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "19.0.3"
                },
                {
                  "status": "affected",
                  "version": "20.0.1"
                },
                {
                  "status": "affected",
                  "version": "20.0.2"
                }
              ]
            },
            {
              "product": "Business Process Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.6"
                }
              ]
            },
            {
              "product": "Business Automation Workflow",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "19.0"
                },
                {
                  "status": "affected",
                  "version": "20.0"
                },
                {
                  "status": "affected",
                  "version": "18.0"
                }
              ]
            }
          ],
          "datePublic": "2020-12-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.7,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:L/I:N/C:L/AC:L/PR:L/S:U/AV:N/UI:N/RC:C/E:U/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-21T17:50:30.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6359463"
            },
            {
              "name": "ibm-icp4a-cve20204794-input-validation (189445)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189445"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-12-18T00:00:00",
              "ID": "CVE-2020-4794",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Automation Workstream Services",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "19.0.3"
                              },
                              {
                                "version_value": "20.0.1"
                              },
                              {
                                "version_value": "20.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Business Process Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Business Automation Workflow",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "19.0"
                              },
                              {
                                "version_value": "20.0"
                              },
                              {
                                "version_value": "18.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6359463",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6359463 (Automation Workstream Services)",
                  "url": "https://www.ibm.com/support/pages/node/6359463"
                },
                {
                  "name": "ibm-icp4a-cve20204794-input-validation (189445)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189445"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4794",
        "datePublished": "2020-12-21T17:50:30.680Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:43:25.778Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-4794 (GCVE-0-2020-4794)

    Vulnerability from cvelistv5 – Published: 2020-12-21 17:50 – Updated: 2024-09-16 18:43
    VLAI
    Summary
    IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445.
    CWE
    • Denial of Service
    Assigner
    ibm
    References
    Impacted products
    Date Public
    2020-12-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:14:58.550Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/pages/node/6359463"
              },
              {
                "name": "ibm-icp4a-cve20204794-input-validation (189445)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189445"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Automation Workstream Services",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "19.0.3"
                },
                {
                  "status": "affected",
                  "version": "20.0.1"
                },
                {
                  "status": "affected",
                  "version": "20.0.2"
                }
              ]
            },
            {
              "product": "Business Process Manager",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.6"
                }
              ]
            },
            {
              "product": "Business Automation Workflow",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "19.0"
                },
                {
                  "status": "affected",
                  "version": "20.0"
                },
                {
                  "status": "affected",
                  "version": "18.0"
                }
              ]
            }
          ],
          "datePublic": "2020-12-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.7,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:L/I:N/C:L/AC:L/PR:L/S:U/AV:N/UI:N/RC:C/E:U/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-21T17:50:30.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/pages/node/6359463"
            },
            {
              "name": "ibm-icp4a-cve20204794-input-validation (189445)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189445"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2020-12-18T00:00:00",
              "ID": "CVE-2020-4794",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Automation Workstream Services",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "19.0.3"
                              },
                              {
                                "version_value": "20.0.1"
                              },
                              {
                                "version_value": "20.0.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Business Process Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Business Automation Workflow",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "19.0"
                              },
                              {
                                "version_value": "20.0"
                              },
                              {
                                "version_value": "18.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/pages/node/6359463",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 6359463 (Automation Workstream Services)",
                  "url": "https://www.ibm.com/support/pages/node/6359463"
                },
                {
                  "name": "ibm-icp4a-cve20204794-input-validation (189445)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189445"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2020-4794",
        "datePublished": "2020-12-21T17:50:30.680Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:43:25.778Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }