CVE-2020-4794

Name of the Vulnerable Software and Affected Versions IBM Automation Workstream Services versions 19.0.3, 20.0.1, 20.0.2 IBM Business Automation Workflow versions 18.0, 19.0, 20.0 IBM Business Process Manager version 8.6

Description The issue is due to improper authorization checking, which could allow an authenticated user to obtain sensitive information or cause a denial of service.

Recommendations For IBM Automation Workstream Services versions 19.0.3, 20.0.1, 20.0.2, update to a version that includes proper authorization checking. For IBM Business Automation Workflow versions 18.0, 19.0, 20.0, update to a version that includes proper authorization checking. For IBM Business Process Manager version 8.6, update to a version that includes proper authorization checking. As a temporary workaround, consider restricting access to sensitive information and implementing additional authorization checks to minimize the risk of exploitation.