Описание
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868.
Ссылки
- Broken Link
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:*:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:*:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.2:*:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:-:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if002:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if005:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if006:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if007:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if008:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if009:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if010:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if011:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if012:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if013:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if014:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if015:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if016:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if017:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if028:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if029:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if030:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if031:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if032:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if033:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if034:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:22.0.1:*:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:containers:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:23.0.2:*:*:*:containers:*:*:*
Конфигурация 2Версия от 19.0.0.1 (включая) до 19.0.0.3 (включая)Версия от 20.0.0.1 (включая) до 20.0.0.2 (включая)Версия от 21.0.1 (включая) до 21.0.3.0 (включая)Версия от 22.0.1 (включая) до 22.0.2 (включая)Версия от 23.0.1 (включая) до 23.0.2 (включая)
Одно из
cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*
Конфигурация 3Версия от 23.0.1 (включая) до 23.0.2 (включая)
Одно из
cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:enterprise_service_bus:*:*:*
cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:enterprise_service_bus:*:*:*
EPSS
Процентиль: 23%
0.00077
Низкий
5.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-532
Связанные уязвимости
CVSS3: 5.3
github
больше 1 года назад
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868.
EPSS
Процентиль: 23%
0.00077
Низкий
5.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-532