CVE-2021-38900

Summary

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607.

Affected Software

VendorProductVersion RangeStatus
IBMBusiness Automation Workflow18.0.0.0affected
IBMBusiness Automation Workflow18.0.0.1affected
IBMBusiness Automation Workflow18.0.0.2affected
IBMBusiness Automation Workflow19.0.0.1affected
IBMBusiness Automation Workflow19.0.0.2affected
IBMBusiness Automation Workflow19.0.0.3affected
IBMBusiness Automation Workflow20.0.0.1affected
IBMBusiness Automation Workflow20.0.0.2affected
IBMBusiness Automation Workflow21.0.2affected
IBMCloud Pak for Automation21.0.2affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References