CVE-2021-39046

Name of the Vulnerable Software and Affected Versions IBM Business Automation Workflow versions 18.0 through 21.0 IBM Business Process Manager versions 8.5 through 8.6

Description The issue allows user credentials to be stored in plain clear text, which can be read by a low-privileged user.

Recommendations For IBM Business Automation Workflow versions 18.0 through 21.0, consider restricting access to sensitive areas where credentials are stored until a fix is available. For IBM Business Process Manager versions 8.5 through 8.6, restrict access to areas where user credentials are stored in plain text to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.