CVE-2021-39046
MEDIUMIBM Business Automation Workflow - Insufficiently Protected Credentials
Title source: ruleDescription
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346.
Scores
CVSS v3
4.9
EPSS
0.0014
EPSS Percentile
34.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Classification
CWE
CWE-522
Status
published
Affected Products (11)
ibm/business_automation_workflow
ibm/business_automation_workflow
ibm/business_automation_workflow
ibm/business_automation_workflow
ibm/business_automation_workflow
ibm/business_automation_workflow
ibm/business_automation_workflow
ibm/business_automation_workflow
ibm/business_automation_workflow
ibm/business_process_manager
ibm/business_process_manager
Timeline
Published
Mar 18, 2022
Tracked Since
Feb 18, 2026