CVE-2020-4794

EPSS 0.13%
Veröffentlicht 21.12.2020 18:15:16
Zuletzt bearbeitet 21.11.2024 05:33:16
Quelle psirt@us.ibm.com
Teams Watchlist Login
Unerledigt Login

IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Automation Workstream Services Version19.0.3

Ibm ≫ Automation Workstream Services Version20.0.1

Ibm ≫ Automation Workstream Services Version20.0.2

Ibm ≫ Business Process Manager Version8.0.0.0 SwEditionexpress

Ibm ≫ Business Process Manager Version8.0.0.0 SwEditionstandard

Ibm ≫ Business Process Manager Version8.0.1.0 SwEditionexpress

Ibm ≫ Business Process Manager Version8.0.1.0 SwEditionstandard

Ibm ≫ Business Process Manager Version8.0.1.1 SwEditionexpress

Ibm ≫ Business Process Manager Version8.0.1.1 SwEditionstandard

Ibm ≫ Business Process Manager Version8.0.1.2 SwEditionexpress

Ibm ≫ Business Process Manager Version8.0.1.2 SwEditionstandard

Ibm ≫ Business Process Manager Version8.0.1.3 SwEditionexpress

Ibm ≫ Business Process Manager Version8.0.1.3 SwEditionstandard

Ibm ≫ Business Process Manager Version8.5.0.0 SwEditionexpress

Ibm ≫ Business Process Manager Version8.5.0.0 SwEditionstandard

Ibm ≫ Business Process Manager Version8.5.0.1 SwEditionexpress

Ibm ≫ Business Process Manager Version8.5.0.1 SwEditionstandard

Ibm ≫ Business Process Manager Version8.5.0.2 SwEditionexpress

Ibm ≫ Business Process Manager Version8.5.0.2 SwEditionstandard

Ibm ≫ Business Process Manager Version8.5.5.0 SwEditionexpress

Ibm ≫ Business Process Manager Version8.5.5.0 SwEditionstandard

Ibm ≫ Business Process Manager Version8.5.6.0 Update- SwEditionexpress

Ibm ≫ Business Process Manager Version8.5.6.0 Update- SwEditionstandard

Ibm ≫ Business Process Manager Version8.5.6.1 SwEditionexpress

Ibm ≫ Business Process Manager Version8.5.6.1 SwEditionstandard

Ibm ≫ Business Process Manager Version8.5.6.2 SwEditionexpress

Ibm ≫ Business Process Manager Version8.5.6.2 SwEditionstandard

Ibm ≫ Business Process Manager Version8.5.7.0 SwEditionexpress

Ibm ≫ Business Process Manager Version8.5.7.0 SwEditionstandard

Ibm ≫ Business Process Manager Version8.5.7.0 Updatecf201606 SwEditionexpress

Ibm ≫ Business Process Manager Version8.5.7.0 Updatecf201606 SwEditionstandard

Ibm ≫ Business Process Manager Version8.5.7.0 Updatecf201609 SwEditionexpress

Ibm ≫ Business Process Manager Version8.5.7.0 Updatecf201609 SwEditionstandard

Ibm ≫ Business Process Manager Version8.5.7.0 Updatecf201612 SwEditionexpress

Ibm ≫ Business Process Manager Version8.5.7.0 Updatecf201612 SwEditionstandard

Ibm ≫ Business Process Manager Version8.5.7.0 Updatecf201703 SwEditionexpress

Ibm ≫ Business Process Manager Version8.5.7.0 Updatecf201703 SwEditionstandard

Ibm ≫ Business Process Manager Version8.5.7.0 Updatecf201706 SwEditionexpress

Ibm ≫ Business Process Manager Version8.5.7.0 Updatecf201706 SwEditionstandard

Ibm ≫ Business Process Manager Version8.6 SwEditionexpress

Ibm ≫ Business Process Manager Version8.6 SwEditionstandard

Ibm ≫ Business Automation Workflow Version18.0.0.0 SwEdition-

Ibm ≫ Business Automation Workflow Version18.0.0.1 SwEdition-

Ibm ≫ Business Automation Workflow Version18.0.0.2 SwEdition-

Ibm ≫ Business Automation Workflow Version19.0.0.0 SwEdition-

Ibm ≫ Business Automation Workflow Version19.0.0.1 SwEdition-

Ibm ≫ Business Automation Workflow Version19.0.0.2 SwEdition-

Ibm ≫ Business Automation Workflow Version19.0.0.3 SwEdition-

Ibm ≫ Business Automation Workflow Version20.0.0.0 SwEditiondocker

Ibm ≫ Business Automation Workflow Version20.0.0.1 SwEdition-

Ibm ≫ Business Automation Workflow Version20.0.2.0 SwEdition-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.289

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:P/I:N/A:P
psirt@us.ibm.com	5.4	2.8	2.5	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://exchange.xforce.ibmcloud.com/vulnerabilities/189445

Vendor Advisory

VDB Entry

https://www.ibm.com/support/pages/node/6359463

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-4794

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-4794

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-4794

EUVD