CVE-2021-29753

MEDIUM

IBM BA Workflow 18-21 & BPM 8.5-8.6 Cleartext Transmission of Sensitive Info

Title source: llm

Description

IBM Business Automation Workflow 18, 19, 20, 21, and IBM Business Process Manager 8.5 and 8.6 transmit or store authentication credentials, but use an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6513703
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/201919

Scores

CVSS v3 5.9
EPSS 0.0007
EPSS Percentile 21.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-319
Status published
Products (6)
ibm/business_automation_workflow 18.0.0.0
ibm/business_automation_workflow 19.0.0.0
ibm/business_automation_workflow 20.0.0.0
ibm/business_automation_workflow 21.0.0.0
ibm/business_process_manager 8.5.0.0
ibm/business_process_manager 8.6.0.0
Published Nov 05, 2021
Tracked Since Feb 18, 2026