IBM Cloud Pak for Business Automaion Workflow Process Service could allow a privileged user to obtain highly sensitive information due to improper access controls.
CVEID:CVE-2021-38900
**DESCRIPTION:**IBM Business Automation Workflow could allow a privileged user to obtain highly sensitive information due to improper access controls.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209607 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
ICP4A - Workflow Process Services | V21.0.2 |
The recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing APAR JR64086 as soon as practical:
Apply cumulative fix IBM Cloud Pak for Business Automation 21.0.2 IF006 or above
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud pak for automation | eq | 21.0.2 |