Описание
IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Ссылки
- VDB EntryVendor Advisory
- Vendor Advisory
- VDB EntryVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:business_automation_workflow:18.0.0.0:*:*:*:-:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:19.0.0.0:*:*:*:-:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:20.0.0.0:*:*:*:-:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.0.0:*:*:*:-:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.5.0.0:*:*:*:-:*:*:*
cpe:2.3:a:ibm:business_process_manager:8.6.0.0:-:*:*:-:*:*:*
EPSS
Процентиль: 22%
0.0007
Низкий
5.9 Medium
CVSS3
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-319
Связанные уязвимости
github
больше 3 лет назад
IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
EPSS
Процентиль: 22%
0.0007
Низкий
5.9 Medium
CVSS3
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-319