CVE-2020-4490

5 documents5 sources
Severity
6.1MEDIUM
EPSS
0.1%
top 69.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Business Automation WorkflowIBM Business Process Manager AdvancedIBM Business Process Manager
Timeline
PublishedMay 29
Latest updateMay 24

Description

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 181989

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

NVDibm/business_process_manager8.0.0.0, 8.5.0.0, 8.6.0.0+2
CVEListV5ibm/business_automation_workflow18.0.0.0, 19.0.0.0+1
NVDibm/business_automation_workflow18.0.0.0, 19.0.0.0+1
CVEListV5ibm/business_process_manager_advanced19 versions+18

🔴Vulnerability Details

3
GHSA
GHSA-9cmc-3866-78p4: IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 82022-05-24
OSV
xorg-server vulnerabilities2020-09-09
CVEList
CVE-2020-4490: IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 82020-05-29

💬Community

1
Bugzilla
CVE-2019-7576 SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c2019-02-13
CVE-2020-4490 (MEDIUM CVSS 6.1) | IBM Business Automation Workflow 18 | cvebase.io