IBM05696562AAA8796EC15842089205C4F6B0D9B683B522198F6C63D862A7419FE0Security Bulletin: vulnerability affect IBM Cloud Pak for Business Automation Workflow Process Service (CVE-2021-38900)
0.001 Low
EPSS
Percentile
33.3%
Summary
IBM Cloud Pak for Business Automaion Workflow Process Service could allow a privileged user to obtain highly sensitive information due to improper access controls.
Vulnerability Details
CVEID:CVE-2021-38900
**DESCRIPTION:**IBM Business Automation Workflow could allow a privileged user to obtain highly sensitive information due to improper access controls.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209607 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| ICP4A - Workflow Process Services | V21.0.2 |
Remediation/Fixes
The recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing APAR JR64086 as soon as practical:
Apply cumulative fix IBM Cloud Pak for Business Automation 21.0.2 IF006 or above
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm cloud pak for automation | eq | 21.0.2 |
Related
0.001 Low
EPSS
Percentile
33.3%