CVE-2024-49348
IBM Cloud Pak for Business Automation incorrect privilege assignment
Vexday Risk Score
13 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3 | EPSS 0.2% | KEV no | PoC — | Nuclei — | Metasploit — | Patch —
Lifecycle
05 Feb 2025: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly grants access to user queries in an unexpected context.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected products
IBM · Cloud Pak for Business Automation