CVE-2020-4490

Summary

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 181989

Affected Software

VendorProductVersion RangeStatus
IBMBusiness Process Manager Advanced8.0affected
IBMBusiness Process Manager Advanced8.0.1affected
IBMBusiness Process Manager Advanced8.0.1.1affected
IBMBusiness Process Manager Advanced8.0.1.2affected
IBMBusiness Process Manager Advanced8.5affected
IBMBusiness Process Manager Advanced8.5.0.1affected
IBMBusiness Process Manager Advanced8.5.5affected
IBMBusiness Process Manager Advanced8.0.1.3affected
IBMBusiness Process Manager Advanced8.5.6affected
IBMBusiness Process Manager Advanced8.5.0.2affected
IBMBusiness Process Manager Advanced8.5.7affected
IBMBusiness Process Manager Advanced8.5.7.CF201609affected
IBMBusiness Process Manager Advanced8.5.6.1affected
IBMBusiness Process Manager Advanced8.5.6.2affected
IBMBusiness Process Manager Advanced8.5.7.CF201606affected
IBMBusiness Process Manager Advanced8.5.7.CF201612affected
IBMBusiness Process Manager Advanced8.5.7.CF201703affected
IBMBusiness Process Manager Advanced8.5.7.CF201706affected
IBMBusiness Process Manager Advanced8.6affected
IBMBusiness Automation Workflow18.0.0.0affected
IBMBusiness Automation Workflow19.0.0.0affected

Weaknesses

  • Bypass Security

ADP Enrichment

CVE Program Container

Additional References

References