CVE-2020-4674 : IBM Workload Automation 9.5 stores the server path in URLs that could aid in fur

IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287.

Published 2021-01-12 15:15:14

Updated 2021-01-14 00:59:10

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2020-4674

IBM » Workload Automation » Version: 9.5
cpe:2.3:a:ibm:workload_automation:9.5:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 28 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	IBM Corporation
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

Assigned by: nvd@nist.gov (Primary)

https://exchange.xforce.ibmcloud.com/vulnerabilities/186287

IBM Workload Automation information disclosure CVE-2020-4674 Vulnerability Report
VDB Entry;Vendor Advisory
https://www.ibm.com/support/pages/node/6402483

Security Bulletin: Server path disclosure pattern is present in IBM Workload Scheduler
Broken Link;Vendor Advisory

Jump to