History: Mar 08, 2021 - 4:55 p.m.

Security Bulletin: Information leakage vulnerability affects IBM Business Automation Workflow - CVE-2021-20358

2021-03-08 16:55:40
www.ibm.com

EPSS: 0.001
Percentile: 23.7%

Summary

IBM Business Automation Workflow may leak sensitive information in trace when emitting events for Business Automation Insights.

Vulnerability Details

**CVEID:** CVE-2021-20358
**DESCRIPTION:** IBM Business Automation Insights stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194965 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Business Automation Workflow | V20.0, V19.0.0.3 |

Remediation/Fixes

The recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing APAR JR63129 as soon as practical:

For IBM Business Automation Workflow V19.0 and V20.0:
· Upgrade to minimal cumulative fix levels as required by iFix and then apply iFix JR63129
--OR--
· Apply cumulative fix Business Automation Workflow V21.0.x

Workarounds and Mitigations

None
