{ "CVE_data_meta": { "STATE": "PUBLIC", "ID": "CVE-2021-29751", "ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-06-25T00:00:00" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Business Process Manager", "version": { "version_data": [ { "version_value": "8.5" }, { "version_value": "8.6" } ] } }, { "version": { "version_data": [ { "version_value": "18.0" }, { "version_value": "19.0" }, { "version_value": "20.0" } ] }, "product_name": "Business Automation Workflow" }, { "version": { "version_data": [ { "version_value": "20.0.3.IF002" }, { "version_value": "21.0.1" } ] }, "product_name": "Cloud Pak for Automation" } ] }, "vendor_name": "IBM" } ] } }, "data_version": "4.0", "data_format": "MITRE", "data_type": "CVE", "description": { "description_data": [ { "lang": "eng", "value": "IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779." } ] }, "references": { "reference_data": [ { "name": "https://www.ibm.com/support/pages/node/6465127", "refsource": "CONFIRM", "url": "https://www.ibm.com/support/pages/node/6465127", "title": "IBM Security Bulletin 6465127 (Cloud Pak for Automation)" }, { "title": "IBM Security Bulletin 6467055 (Business Automation Workflow)", "url": "https://www.ibm.com/support/pages/node/6467055", "refsource": "CONFIRM", "name": "https://www.ibm.com/support/pages/node/6467055" }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201779", "title": "X-Force Vulnerability Report", "name": "ibm-baw-cve202129751-info-disc (201779)", "refsource": "XF" } ] }, "impact": { "cvssv3": { "BM": { "SCORE": "3.100", "C": "L", "UI": "N", "S": "U", "AV": "N", "PR": "L", "I": "N", "AC": "H", "A": "N" }, "TM": { "E": "U", "RL": "O", "RC": "C" } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Obtain Information" } ] } ] } }