How severe is CVE-2021-29751?

Low severity. CVSS v3 base score is 3.1 out of 10.

Vulnerability in Ibm Business Automation Workflow

CVE-2021-29751

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779.

EPSS: 0.002 (45.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.1 (Low). Vector: CVSS:3.0/C:L/UI:N/S:U/AV:N/PR:L/I:N/AC:H/A:N/E:U/RL:O/RC:C.

Affected products

Ibm Business Automation Workflow — versions 18.0, 19.0, 20.0
Ibm Business Process Manager — versions 8.5, 8.6
Ibm Cloud Pak For Automation — versions 20.0.3.IF002, 21.0.1

References

www.ibm.com/support/pages/node/6465127 (x_refsource_CONFIRM)
www.ibm.com/support/pages/node/6467055 (x_refsource_CONFIRM)
ibm-baw-cve202129751-info-disc (201779) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2021-29751?: CVE-2021-29751 is a low-severity vulnerability in Ibm Business Automation Workflow. CVSS score: 3.1/10. Published 2021-06-28.
How severe is CVE-2021-29751?: Low severity. CVSS v3 base score is 3.1 out of 10.