{
    "references": {
        "reference_data": [
            {
                "title": "IBM Security Bulletin 6359463 (Automation Workstream Services)",
                "url": "https://www.ibm.com/support/pages/node/6359463",
                "refsource": "CONFIRM",
                "name": "https://www.ibm.com/support/pages/node/6359463"
            },
            {
                "name": "ibm-icp4a-cve20204794-input-validation (189445)",
                "refsource": "XF",
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189445",
                "title": "X-Force Vulnerability Report"
            }
        ]
    },
    "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2020-4794",
        "DATE_PUBLIC": "2020-12-18T00:00:00",
        "STATE": "PUBLIC"
    },
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "value": "IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445.",
                "lang": "eng"
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "IBM",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Automation Workstream Services",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "19.0.3"
                                        },
                                        {
                                            "version_value": "20.0.1"
                                        },
                                        {
                                            "version_value": "20.0.2"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "Business Process Manager",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "8.6"
                                        }
                                    ]
                                }
                            },
                            {
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "19.0"
                                        },
                                        {
                                            "version_value": "20.0"
                                        },
                                        {
                                            "version_value": "18.0"
                                        }
                                    ]
                                },
                                "product_name": "Business Automation Workflow"
                            }
                        ]
                    }
                }
            ]
        }
    },
    "impact": {
        "cvssv3": {
            "TM": {
                "RC": "C",
                "E": "U",
                "RL": "O"
            },
            "BM": {
                "SCORE": "5.400",
                "A": "L",
                "I": "N",
                "C": "L",
                "AC": "L",
                "PR": "L",
                "S": "U",
                "AV": "N",
                "UI": "N"
            }
        }
    },
    "data_type": "CVE",
    "data_format": "MITRE",
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "value": "Denial of Service",
                        "lang": "eng"
                    }
                ]
            }
        ]
    }
}