CVE-2021-29751
Summary
| CVE | CVE-2021-29751 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-06-28 16:15:00 UTC |
| Updated | 2022-07-12 17:42:00 UTC |
| Description | IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Business Automation Workflow | 18.0.0.0 | All | All | All |
| Application | Ibm | Business Automation Workflow | 19.0.0.0 | All | All | All |
| Application | Ibm | Business Automation Workflow | 20.0.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.5.0.0 | All | All | All |
| Application | Ibm | Business Process Manager | 8.6.0.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Bulletin: Incorrect authorization in IBM Business Automation Workflow and IBM Business Process Manager (BPM) | CONFIRM | www.ibm.com | |
| Security Bulletin: Multiple vulnerabilities affect IBM Cloud Pak for Automation | CONFIRM | www.ibm.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.