CVE-2020-4532

Summary

IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182716.

Affected Software

VendorProductVersion RangeStatus
IBMBusiness Process Manager Express8.6affected
IBMBusiness Process Manager Express8.5.7.CF201706affected
IBMBusiness Process Manager Express8.5.7.CF201703affected
IBMBusiness Process Manager Express8.5.7.CF201612affected
IBMBusiness Process Manager Express8.5.7.CF201609affected
IBMBusiness Process Manager Express8.5.7.CF201606affected
IBMBusiness Process Manager Express8.5.7affected
IBMBusiness Process Manager Express8.5.6.2affected
IBMBusiness Process Manager Express8.5.6.1affected
IBMBusiness Process Manager Express8.5.6affected
IBMBusiness Process Manager Express8.5.5affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References