CVE-2020-4794
MEDIUM
IBM Automation Workstream Services 19.0.3, 20.0.1-20.0.2 - Authenticated Information Disclosure and Denial of Service
Title source: llm
Description
IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cause a denial of service due to improper authorization checking. IBM X-Force ID: 189445.
References (2)
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6359463
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/189445
Scores
CVSS v3
5.4
EPSS
0.0084
EPSS Percentile
53.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Details
CWE
CWE-863
Status
published
Products (27)
ibm/automation_workstream_services 19.0.3
ibm/automation_workstream_services 20.0.1
ibm/automation_workstream_services 20.0.2
ibm/business_automation_workflow 18.0.0.0
ibm/business_automation_workflow 18.0.0.1
ibm/business_automation_workflow 18.0.0.2
ibm/business_automation_workflow 19.0.0.0
ibm/business_automation_workflow 19.0.0.1
ibm/business_automation_workflow 19.0.0.2
ibm/business_automation_workflow 19.0.0.3
... and 17 more
Published
Dec 21, 2020
Tracked Since
Feb 18, 2026