IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537.
Weakness
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Business_automation_workflow | Ibm | 18.0.0.0 (including) | 18.0.0.2 (including) |
| Business_automation_workflow | Ibm | 19.0.0.0 (including) | 19.0.0.3 (including) |
| Business_automation_workflow | Ibm | 20.0.0.1 (including) | 20.0.0.1 (including) |
| Business_automation_workflow | Ibm | 20.0.0.2 (including) | 20.0.0.2 (including) |
| Business_automation_workflow | Ibm | 21.0.1 (including) | 21.0.1 (including) |
| Business_automation_workflow | Ibm | 21.0.2 (including) | 21.0.2 (including) |
| Business_automation_workflow | Ibm | 21.0.3 (including) | 21.0.3 (including) |
| Business_automation_workflow | Ibm | 21.0.3-if002 (including) | 21.0.3-if002 (including) |
| Business_automation_workflow | Ibm | 21.0.3-if005 (including) | 21.0.3-if005 (including) |
| Business_automation_workflow | Ibm | 21.0.3-if006 (including) | 21.0.3-if006 (including) |
| Business_automation_workflow | Ibm | 21.0.3-if007 (including) | 21.0.3-if007 (including) |
| Business_automation_workflow | Ibm | 21.0.3-if008 (including) | 21.0.3-if008 (including) |
| Business_automation_workflow | Ibm | 21.0.3-if009 (including) | 21.0.3-if009 (including) |
| Business_automation_workflow | Ibm | 21.0.3-if010 (including) | 21.0.3-if010 (including) |
| Business_automation_workflow | Ibm | 21.0.3-if011 (including) | 21.0.3-if011 (including) |
| Business_automation_workflow | Ibm | 22.0.1 (including) | 22.0.1 (including) |
| Business_automation_workflow | Ibm | 22.0.1-if001 (including) | 22.0.1-if001 (including) |