{"containers": {"cna": {"affected": [{"product": "Business Process Manager Express", "vendor": "IBM", "versions": [{"status": "affected", "version": "8.6"}, {"status": "affected", "version": "8.5.7.CF201706"}, {"status": "affected", "version": "8.5.7.CF201703"}, {"status": "affected", "version": "8.5.7.CF201612"}, {"status": "affected", "version": "8.5.7.CF201609"}, {"status": "affected", "version": "8.5.7.CF201606"}, {"status": "affected", "version": "8.5.7"}, {"status": "affected", "version": "8.5.6.2"}, {"status": "affected", "version": "8.5.6.1"}, {"status": "affected", "version": "8.5.6"}, {"status": "affected", "version": "8.5.5"}]}], "datePublic": "2020-06-16T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182716."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/I:N/UI:N/PR:N/AC:L/C:L/A:N/S:U/AV:N/E:U/RL:O/RC:C", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Obtain Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-17T17:40:12.000Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6233276"}, {"name": "ibm-baw-cve20204532-info-disc (182716)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182716"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2020-06-16T00:00:00", "ID": "CVE-2020-4532", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Business Process Manager Express", "version": {"version_data": [{"version_value": "8.6"}, {"version_value": "8.5.7.CF201706"}, {"version_value": "8.5.7.CF201703"}, {"version_value": "8.5.7.CF201612"}, {"version_value": "8.5.7.CF201609"}, {"version_value": "8.5.7.CF201606"}, {"version_value": "8.5.7"}, {"version_value": "8.5.6.2"}, {"version_value": "8.5.6.1"}, {"version_value": "8.5.6"}, {"version_value": "8.5.5"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182716."}]}, "impact": {"cvssv3": {"BM": {"A": "N", "AC": "L", "AV": "N", "C": "L", "I": "N", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Obtain Information"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6233276", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6233276 (Business Process Manager Express)", "url": "https://www.ibm.com/support/pages/node/6233276"}, {"name": "ibm-baw-cve20204532-info-disc (182716)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182716"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:07:48.930Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6233276"}, {"name": "ibm-baw-cve20204532-info-disc (182716)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182716"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4532", "datePublished": "2020-06-17T17:40:12.479Z", "dateReserved": "2019-12-30T00:00:00.000Z", "dateUpdated": "2024-09-16T21:07:34.266Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:business_automation_workflow:18.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "10B802CE-F898-4B60-9E2C-4D271F9211C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_automation_workflow:19.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "A214C54D-C6DF-408C-BDEA-DCF7DEFBCCA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D88BD08-CE33-4E18-B01E-CA5D7070077D", "versionEndExcluding": "8.5.7.0", "versionStartIncluding": "8.5.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:business_process_manager:8.6.0.0:-:*:*:-:*:*:*", "matchCriteriaId": "6DE7BCD3-C969-4248-B325-8EAAE9959797", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182716."}, {"lang": "es", "value": "IBM Business Automation Workflow e IBM Business Process Manager (IBM Business Process Manager Express versiones 8.5.5, 8.5.6, 8.5.7 y 8.6), podr\u00edan permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador. Esta informaci\u00f3n podr\u00eda ser usada en futuros ataques contra el sistema. ID de IBM X-Force: 182716"}], "id": "CVE-2020-4532", "lastModified": "2024-11-21T05:32:51.560", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-17T18:15:12.220", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182716"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6233276"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6233276"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}