How severe is CVE-2020-4490?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Ibm Business Automation Workflow

CVE-2020-4490

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability…

EPSS: 0.001 (29.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/UI:R/S:U/AV:N/PR:N/A:N/AC:H/I:H/C:N/E:U/RL:O/RC:C.

Affected products

Ibm Business Automation Workflow — versions 18.0.0.0, 19.0.0.0
Ibm Business Process Manager Advanced — versions 8.0, 8.0.1, 8.0.1.1

References

www.ibm.com/support/pages/node/6217550 (x_refsource_CONFIRM)
ibm-baw-cve20204490-sec-bypass (181989) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2020-4490?: CVE-2020-4490 is a medium-severity vulnerability in Ibm Business Automation Workflow. CVSS score: 5.3/10. Published 2020-05-29.
How severe is CVE-2020-4490?: Medium severity. CVSS v3 base score is 5.3 out of 10.