CVE-2020-4490

Published: May 29, 2020Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 181989

Affected (5)

Products: Ibm: Business Automation Workflow, Business Process Manager

Ibm

2 products

Business Automation Workflow

Business Process Manager

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ibm Business Automation Workflow	Version 18.0.0.0
Ibm Business Automation Workflow	Version 19.0.0.0
Ibm Business Process Manager	Version 8.0.0.0
Ibm Business Process Manager	Version 8.5.0.0
Ibm Business Process Manager	Version 8.6.0.0

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/181989

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6217550

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/181989

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6217550

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.