{"containers":{"cna":{"affected":[{"product":"Automation Workstream Services","vendor":"IBM","versions":[{"status":"affected","version":"19.0.3"},{"status":"affected","version":"20.0.1"},{"status":"affected","version":"20.0.2"}]},{"product":"Business Process Manager","vendor":"IBM","versions":[{"status":"affected","version":"8.6"}]},{"product":"Business Automation Workflow","vendor":"IBM","versions":[{"status":"affected","version":"19.0"},{"status":"affected","version":"20.0"},{"status":"affected","version":"18.0"}]}],"datePublic":"2020-12-18T00:00:00.000Z","descriptions":[{"lang":"en","value":"IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","exploitCodeMaturity":"UNPROVEN","integrityImpact":"NONE","privilegesRequired":"LOW","remediationLevel":"OFFICIAL_FIX","reportConfidence":"CONFIRMED","scope":"UNCHANGED","temporalScore":4.7,"temporalSeverity":"MEDIUM","userInteraction":"NONE","vectorString":"CVSS:3.0/A:L/I:N/C:L/AC:L/PR:L/S:U/AV:N/UI:N/RC:C/E:U/RL:O","version":"3.0"}}],"problemTypes":[{"descriptions":[{"description":"Denial of Service","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2020-12-21T17:50:30.000Z","orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://www.ibm.com/support/pages/node/6359463"},{"name":"ibm-icp4a-cve20204794-input-validation (189445)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/189445"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@us.ibm.com","DATE_PUBLIC":"2020-12-18T00:00:00","ID":"CVE-2020-4794","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Automation Workstream Services","version":{"version_data":[{"version_value":"19.0.3"},{"version_value":"20.0.1"},{"version_value":"20.0.2"}]}},{"product_name":"Business Process Manager","version":{"version_data":[{"version_value":"8.6"}]}},{"product_name":"Business Automation Workflow","version":{"version_data":[{"version_value":"19.0"},{"version_value":"20.0"},{"version_value":"18.0"}]}}]},"vendor_name":"IBM"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445."}]},"impact":{"cvssv3":{"BM":{"A":"L","AC":"L","AV":"N","C":"L","I":"N","PR":"L","S":"U","UI":"N"},"TM":{"E":"U","RC":"C","RL":"O"}}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Denial of Service"}]}]},"references":{"reference_data":[{"name":"https://www.ibm.com/support/pages/node/6359463","refsource":"CONFIRM","title":"IBM Security Bulletin 6359463 (Automation Workstream Services)","url":"https://www.ibm.com/support/pages/node/6359463"},{"name":"ibm-icp4a-cve20204794-input-validation (189445)","refsource":"XF","title":"X-Force Vulnerability Report","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/189445"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T08:14:58.550Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.ibm.com/support/pages/node/6359463"},{"name":"ibm-icp4a-cve20204794-input-validation (189445)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/189445"}]}]},"cveMetadata":{"assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","assignerShortName":"ibm","cveId":"CVE-2020-4794","datePublished":"2020-12-21T17:50:30.680Z","dateReserved":"2019-12-30T00:00:00.000Z","dateUpdated":"2024-09-16T18:43:25.778Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}