PT-2020-18116 · Ibm · Ibm Business Process Manager+1
Published
2020-09-25
·
Updated
2020-09-29
·
CVE-2020-4531
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Business Automation Workflow versions 18.0 through 20.0
IBM Business Process Manager versions 8.0 through 8.6
Description
A remote attacker could obtain sensitive information when a detailed technical error message is returned in the browser, potentially using this information for further attacks against the system.
Recommendations
For IBM Business Automation Workflow versions 18.0 through 20.0, update to a version that does not return detailed technical error messages in the browser.
For IBM Business Process Manager versions 8.0 through 8.6, update to a version that does not return detailed technical error messages in the browser.
As a temporary workaround, consider configuring the system to not display detailed technical error messages in the browser until a patch is available.
Fix
Unchecked Return Value
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Business Automation Workflow
Ibm Business Process Manager