IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key.
References
| Link | Resource |
|---|---|
| https://www.ibm.com/support/pages/node/7241570 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
15 Aug 2025, 18:19
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:-:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:interim_fix_004:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:interim_fix_001:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:interim_fix_005:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:interim_fix_001:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:interim_fix_002:*:*:*:*:*:* |
|
| References | () https://www.ibm.com/support/pages/node/7241570 - Vendor Advisory | |
| First Time |
Ibm cloud Pak For Business Automation
Ibm |
08 Aug 2025, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-08-08 15:15
Updated : 2025-08-15 18:19
NVD link : CVE-2025-36023
Mitre link : CVE-2025-36023
JSON object : View
Products Affected
ibm
- cloud_pak_for_business_automation
CWE
CWE-639
Authorization Bypass Through User-Controlled Key