CVE-2020-4490

Name of the Vulnerable Software and Affected Versions IBM Business Automation Workflow versions 18 through 19 IBM Business Process Manager versions 8.0 through 8.6

Description The issue is caused by a reverse tabnabbing flaw, allowing a remote attacker to bypass security restrictions. An attacker could exploit this and redirect a victim to a phishing site.

Recommendations For IBM Business Automation Workflow versions 18 through 19, update to a version that includes a fix for the reverse tabnabbing flaw. For IBM Business Process Manager versions 8.0 through 8.6, update to a version that includes a fix for the reverse tabnabbing flaw. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.