IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Business_automation_workflow | Ibm | 18.0.0.0 (including) | 18.0.0.0 (including) |
| Business_automation_workflow | Ibm | 18.0.0.1 (including) | 18.0.0.1 (including) |
| Business_automation_workflow | Ibm | 18.0.0.2 (including) | 18.0.0.2 (including) |
| Business_automation_workflow | Ibm | 19.0.0.1 (including) | 19.0.0.1 (including) |
| Business_automation_workflow | Ibm | 19.0.0.2 (including) | 19.0.0.2 (including) |
| Business_automation_workflow | Ibm | 19.0.0.3 (including) | 19.0.0.3 (including) |
| Business_automation_workflow | Ibm | 20.0.0.1 (including) | 20.0.0.1 (including) |
| Business_automation_workflow | Ibm | 20.0.0.2 (including) | 20.0.0.2 (including) |
| Business_automation_workflow | Ibm | 21.0.2 (including) | 21.0.2 (including) |
| Business_process_manager | Ibm | 8.5 (including) | 8.5 (including) |
| Business_process_manager | Ibm | 8.6 (including) | 8.6 (including) |