IBM Cloud Pak for Business Automation security bypass
IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key.
IBM Cloud Pak for Business Automation security bypass
IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key.
Description: CWE-639 Authorization Bypass Through User-Controlled Key
Metrics
Version
Base score
Base severity
Vector
3.1
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version:3.1
Base score:6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC ID
Description
Solutions
Affected Product(s) Version(s) Remediation / Fix
IBM Cloud Pak for Business Automation V24.0.1 - V24.0.1-IF002 Apply security fix 24.0.1-IF004 or upgrade to V25.0.0
IBM Cloud Pak for Business Automation V24.0.0 - V24.0.0-IF005 Upgrade and apply security fix 24.0.0-IF006 or upgrade to 24.0.1-IF004 or upgrade to V25.0.0
IBM Cloud Pak for Business Automation earlier unsupported releases Upgrade to 24.0.0-IF006 or upgrade to 24.0.1-IF004 or upgrade to V25.0.0
IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key.