CVE-2020-4794

🗓️ 21 Dec 2020 18:15:16Reported by [email protected]Type

nvd

nvd🔗 web.nvd.nist.gov👁 13 Views

IBM Automation Workstream Services, Business Automation Workflow, and Business Process Manager have improper authorization checking, allowing authenticated user to obtain sensitive information or cause denial of service

Reporter	Title	Published	Views	Family All 7
CNNVD	IBM多款产品授权问题漏洞	18 Dec 202000:00	–	cnnvd
CNVD	Multiple IBM Products Licensing Issues Vulnerabilities	23 Dec 202000:00	–	cnvd
CVE	CVE-2020-4794	21 Dec 202017:50	–	cve
Cvelist	CVE-2020-4794	21 Dec 202017:50	–	cvelist
EUVD	EUVD-2020-26041	7 Oct 202500:30	–	euvd
IBM Security Bulletins	Security Bulletin: Information disclosure and Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4794	18 Dec 202007:04	–	ibm
Prion	Authorization	21 Dec 202018:15	–	prion

NVD

Node

ibm automation_workstream_servicesMatch19.0.3

OR

ibm automation_workstream_servicesMatch20.0.1

OR

ibm automation_workstream_servicesMatch20.0.2

OR

ibm business_process_managerMatch8.0.0.0express

OR

ibm business_process_managerMatch8.0.0.0standard

OR

ibm business_process_managerMatch8.0.1.0express

OR

ibm business_process_managerMatch8.0.1.0standard

OR

ibm business_process_managerMatch8.0.1.1express

OR

ibm business_process_managerMatch8.0.1.1standard

OR

ibm business_process_managerMatch8.0.1.2express

OR

ibm business_process_managerMatch8.0.1.2standard

OR

ibm business_process_managerMatch8.0.1.3express

OR

ibm business_process_managerMatch8.0.1.3standard

OR

ibm business_process_managerMatch8.5.0.0express

OR

ibm business_process_managerMatch8.5.0.0standard

OR

ibm business_process_managerMatch8.5.0.1express

OR

ibm business_process_managerMatch8.5.0.1standard

OR

ibm business_process_managerMatch8.5.0.2express

OR

ibm business_process_managerMatch8.5.0.2standard

OR

ibm business_process_managerMatch8.5.5.0express

OR

ibm business_process_managerMatch8.5.5.0standard

OR

ibm business_process_managerMatch8.5.6.0-express

OR

ibm business_process_managerMatch8.5.6.0-standard

OR

ibm business_process_managerMatch8.5.6.1express

OR

ibm business_process_managerMatch8.5.6.1standard

OR

ibm business_process_managerMatch8.5.6.2express

OR

ibm business_process_managerMatch8.5.6.2standard

OR

ibm business_process_managerMatch8.5.7.0express

OR

ibm business_process_managerMatch8.5.7.0standard

OR

ibm business_process_managerMatch8.5.7.0cf201606express

OR

ibm business_process_managerMatch8.5.7.0cf201606standard

OR

ibm business_process_managerMatch8.5.7.0cf201609express

OR

ibm business_process_managerMatch8.5.7.0cf201609standard

OR

ibm business_process_managerMatch8.5.7.0cf201612express

OR

ibm business_process_managerMatch8.5.7.0cf201612standard

OR

ibm business_process_managerMatch8.5.7.0cf201703express

OR

ibm business_process_managerMatch8.5.7.0cf201703standard

OR

ibm business_process_managerMatch8.5.7.0cf201706express

OR

ibm business_process_managerMatch8.5.7.0cf201706standard

OR

ibm business_process_managerMatch8.6express

OR

ibm business_process_managerMatch8.6standard

Node

ibm business_automation_workflowMatch18.0.0.0-

OR

ibm business_automation_workflowMatch18.0.0.1-

OR

ibm business_automation_workflowMatch18.0.0.2-

OR

ibm business_automation_workflowMatch19.0.0.0-

OR

ibm business_automation_workflowMatch19.0.0.1-

OR

ibm business_automation_workflowMatch19.0.0.2-

OR

ibm business_automation_workflowMatch19.0.0.3-

OR

ibm business_automation_workflowMatch20.0.0.0docker

OR

ibm business_automation_workflowMatch20.0.0.1-

OR

ibm business_automation_workflowMatch20.0.2.0-

Source	Link
ibm	www.ibm.com/support/pages/node/6359463
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/189445

21 Nov 2024 05:33Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.15.4

CVSS 25.5

CVSS 35.4

EPSS0.00128

ibm authorization checking sensitive information denial of service x-force id