How severe is CVE-2021-29753?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Ibm Business Automation Workflow

CVE-2021-29753

IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

EPSS: 0.001 (21.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.0/PR:N/C:H/S:U/AV:N/UI:N/A:N/AC:H/I:N/RC:C/RL:O/E:U.

Affected products

Ibm Business Automation Workflow — versions 18.0, 19.0, 20.0
Ibm Business Process Manager — versions 8.5, 8.6

References

www.ibm.com/support/pages/node/6513703 (x_refsource_CONFIRM)
ibm-baw-cve202129753-info-disc (201919) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2021-29753?: CVE-2021-29753 is a medium-severity vulnerability in Ibm Business Automation Workflow. CVSS score: 5.9/10. Published 2021-11-05.
How severe is CVE-2021-29753?: Medium severity. CVSS v3 base score is 5.9 out of 10.