CVE-2021-29753

CWE-319 — Cleartext Transmission3 documents3 sources

Severity

5.9MEDIUM

EPSS

0.1%

top 78.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Business Automation Workflow IBM Business Process Manager

Timeline

PublishedNov 5

Latest updateMay 24

Description

IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5ibm/business_process_manager8.5, 8.6+1

▶NVDibm/business_process_manager8.5.0.0, 8.6.0.0+1

▶CVEListV5ibm/business_automation_workflow4 versions+3

▶NVDibm/business_automation_workflow4 versions+3

🔴Vulnerability Details

GHSA

GHSA-rggj-vgc7-hj7v: IBM Business Automation Workflow 18↗2022-05-24

▶

CVEList

CVE-2021-29753: IBM Business Automation Workflow 18↗2021-11-05

▶