Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-4531

Опубликовано: 25 сент. 2020
Источник: nvd
CVSS3: 5.3
CVSS3: 5.3
CVSS2: 5
EPSS Низкий

Описание

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:business_automation_workflow:18.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:19.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:20.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.6.0.0:-:*:*:-:*:*:*

EPSS

Процентиль: 32%
0.00124
Низкий

5.3 Medium

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-252

Связанные уязвимости

github логотип

GHSA-2c29-84m2-9q27

github
больше 3 лет назад

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715.

EPSS

Процентиль: 32%
0.00124
Низкий

5.3 Medium

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-252