IBM Business Automation Workflow may leak sensitive information in trace when emitting events for Business Automation Insights.
CVEID: CVE-2021-20358
**DESCRIPTION:** IBM Business Automation Insights stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194965 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Business Automation Workflow | V20.0 |
IBM Business Automation Workflow | V19.0.0.3 |
The recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing APAR JR63129 as soon as practical:
For IBM Business Automation Workflow V19.0 and V20.0:
· Upgrade to minimal cumulative fix levels as required by iFix and then apply iFix JR63129
--OR--
· Apply cumulative fix Business Automation Workflow V21.0.x
None